Explore a groundbreaking Black Hat conference talk revealing the first known UEFI rootkit deployed in the wild by the notorious Sednit group (also known as Fancy Bear, Sofacy, and APT28). Delve into the technical details of this sophisticated BIOS-level attack, uncovering how the APT group, linked to high-profile cyberattacks like the 2016 Democratic National Committee email leak, successfully compromised systems at a fundamental level. Learn from security researchers Jean-Ian Boutin and Frederic Vachon as they present evidence of this campaign, bridging the gap between theoretical BIOS rootkit research and real-world implementation. Gain insights into advanced persistent threat techniques and the evolving landscape of firmware-level malware in this 50-minute presentation.
Overview
Syllabus
Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild
Taught by
Black Hat