News

07.12-14.2011
CHC will be attending the 2011 ASD(R&E)/DHS Cyber Security SBIR Workshop in McClean VA on July 12-14, 2011. Plan to visit us there! For updated times and dates ...

03.15.2011
Clear Hat moves into their new downtown office space

03.07.2011
Awarded SBIR Phase II contract for topic OSD09-IA2: Countermeasures to Covert Access Methods to Reduce Attack Susceptibility and Ensure Trust

03.07.2011
Awarded SBIR Phase II contract for topic OSD09-IA1: Real-time Adversarial Characterization and Adaptive Software Protection Countermeasures

12.21.2010
Awarded SBIR Phase I contract for topic OSD10-IA1: Countermeasures to Malicious Hardware to Improve Software Protection Systems

04.15.2010
Sherri Sparks named as one of 12 'White Hat" Hackers You Should Know by Ellen Messmer, NetworkWorld

2.25.2010
Awarded SBIR Phase I contract for topic AF093-053: Automatic Artificial Diversity for Virtual Machines...

11.12.2009
Awarded SBIR Phase I contract for topic OSD09-IA2: Countermeasures to Covert Access Methods to Reduce Attack Susceptibility and Ensure Trust

11.06.2009
Awarded SBIR Phase I contract for topic OSD09-IA1: Real-time Adversarial Characterization and Adaptive Software Protection Countermeasures

09.24.2009
Awarded Subcontract with Riverside Research Institute

05.11.2009
Awarded Subcontract with Ball Aerospace: System Management Mode Vulnerability Assessment

08.06.2008
Presentation by Sherri Sparks and Shawn Embleton at Black Hat USA 2008: Deeper Door - Exploiting the NIC Chipset

08.06.2008
Presentation by Sherri Sparks and Shawn Embleton at Black Hat USA 2008: A New Breed of Rootkit: The System Management Mode (SMM) Rootkit

Black Hat USA 2008

published by clearhatconsulting on Mon, 09/01/2008 - 10:09

Deeper Door - Exploiting the NIC Chipset

Sherri Sparks and Shawn Embleton co-presented this Black Hat USA 2008 presentation. Following is the briefing abstract:

The session addressed a couple of significant problems in existing IDS / Firewall technology and presented a proof-of-concept "chipset" level rootkit / network backdoor that is capable of bypassing virtually all host based firewall and intrusion detection software on the market. These include popular, widely deployed software like Snort and Zone Alarm Security Suite. Our backdoor operates at an even deeper level than previous backdoors (e.g., Joanna's "DeepDoor" rootkit) because it interacts directly with the chipset interface of the NIC hardware. Capabilities include the ability to both covertly send AND recieve packets. We use both of these capabilities to implement a simple command and control interface. Implications for security vendors include the exfiltration of sensitive information and delayed detection of malware threats like DDOS attacks, Botnes, and Worms.

For further information, please see:
presentation video

Search form

Main menu

You are here

Black Hat USA 2008