News
07.12-14.2011
CHC will be attending the 2011 ASD(R&E)/DHS Cyber Security SBIR Workshop in McClean VA on July 12-14, 2011. Plan to visit us there! For updated times and dates ... 
03.15.2011
Clear Hat moves into their new downtown office space
03.07.2011
Awarded SBIR Phase II contract for topic OSD09-IA2: Countermeasures to Covert Access Methods to Reduce Attack Susceptibility and Ensure Trust
03.07.2011
Awarded SBIR Phase II contract for topic OSD09-IA1: Real-time Adversarial Characterization and Adaptive Software Protection Countermeasures
12.21.2010
Awarded SBIR Phase I contract for topic OSD10-IA1: Countermeasures to Malicious Hardware to Improve Software Protection Systems
04.15.2010
Sherri Sparks named as one of 12 'White Hat" Hackers You Should Know by Ellen Messmer, NetworkWorld
2.25.2010
Awarded SBIR Phase I contract for topic AF093-053: Automatic Artificial Diversity for Virtual Machines...
11.12.2009
Awarded SBIR Phase I contract for topic OSD09-IA2: Countermeasures to Covert Access Methods to Reduce Attack Susceptibility and Ensure Trust
11.06.2009
Awarded SBIR Phase I contract for topic OSD09-IA1: Real-time Adversarial Characterization and Adaptive Software Protection Countermeasures
09.24.2009
Awarded Subcontract with Riverside Research Institute
05.11.2009
Awarded Subcontract with Ball Aerospace: System Management Mode Vulnerability Assessment
08.06.2008
Presentation by Sherri Sparks and Shawn Embleton at Black Hat USA 2008: Deeper Door - Exploiting the NIC Chipset
08.06.2008
Presentation by Sherri Sparks and Shawn Embleton at Black Hat USA 2008: A New Breed of Rootkit: The System Management Mode (SMM) Rootkit
Black Hat USA 2008
A New Breed of Rootkit: The Systems Management Mode (SMM) Rootkit
Sherri Sparks and Shawn Embleton co-presented this Black Hat USA 2008 presentation. Following is the briefing abstract:
Virtualization rootkits have been a hot topic for the past couple of years. This session discussed a new type of malware with potentially even greater stealth: The System Management Mode (SMM) Rootkit. System Management Mode, a relatively obsecure mode on Intel processors, provides an isolated memory and execution environment. SMM code is invisible to the Operating System yet retains full access to host physical memory and complete control over peripheral hardware. We demonstrated a proof-of-concept SMM rootkit that functions as a chipset level keylogger. Our rootkit hides its memory footprint, makes no changes to the host Operating System, and is capable of covertly exfiltrating sensitive data across the network while evading essentially all host based intrusion detection systems and firewalls.
For further information, please see:
white paper