Infecting the Boot to Own the Kernel

Alejandro Vazquez, Maria San Jose

DEF CON 33 · Day 1 · Main Stage

Bootkits and rootkits are among the most powerful and most feared categories of malware. They persist below the operating system, survive reinstallation, and can subvert every security control that loads after them.

AI review

Fully functional open-source UEFI bootkit plus Windows kernel rootkit, live demo on a physical machine with Secure Boot enabled — a reference implementation the community can build defenses against.
