Dissecting a Ransomware-Infected MBR - Raul Alvarez - Hack in Paris - 2017
Hack in Paris via YouTube
Overview
Explore the intricacies of ransomware-infected Master Boot Records (MBR) in this 38-minute conference talk from Hack in Paris 2017. Delve into the boot process, operating system detection, and the critical impact of compromising a single sector on your hard disk. Follow along as Raul Alvarez dissects the malicious code overwriting an MBR, demonstrating how it seizes control of the boot process until ransom payment. Gain insights into debugging the MBR to observe native code execution without APIs. Learn about MBR vs. GPT, execution flow, resolving normal malware, Device IO Control API, Physical Drive Zero, and more. Witness a practical demonstration of MBR debugging and understand the implications of boot sector manipulation in this comprehensive exploration of ransomware techniques.
Syllabus
Introduction
About me
Smallpox
MBR vs GPT
GPT
Pecha
Execution flow
Resolving normal malware
Resolving xx section
Device IO Control API
Physical Drive Zero
Winobj
Process Monitor
MBR
Boot Sector Marker
Overwrite MBR
New MBR
Debugging the MBR
Taught by
Hack in Paris