So this is the first year I’ve decided to attend the BlackHat and DefCon conferences. BlackHat was definitely interesting, especially Joanna’s presentation on subverting the Windows Vista x86_64 kernel. You can find more details in her blog posting here. Just to give you the quick snapshot, she moved the running OS instance into a virtual machine, on-the-fly, using the hardware virtualization extensions available on the AMD Pacifica. She also used a clever technique to load an unsigned driver, which you aren’t supposed to be able to do in Vista x86_64. Outside of this session, there were several others of interest (the one about taking over your machine through the wireless stack… even if you’re not connected to the network, one on taking over your Xerox machine, and several others on crafting inputs to test for vulnerabilities). Most of these have hit Slashdot already, so I won’t bore you with details you already know, but the event was definitely interesting–and frightening!
DefCon was a different story. The crowd was definitely different: hundreds of logins and passwords posted on the Wall of Sheep using a projector, and talks on Neuro-Linguistic Programming and lock-picking, to give you an idea. That said, there were some good technical presentations: one on rebuilding your hard drive, another on establishing a covert channel on IPv6, and one on static and dynamic reverse engineering. To be honest, I’m not sure I’ll go next year, but it was at least fun to get a taste for the kinds of things that go on, and the sort of things the security industry is focusing on. The upcoming years with hardware virtualization are definitely going to be eye-opening in the new kinds of malware we can expect to see. The only thing I can recommend is that if you get a new processor that supports hardware virtualization, but you have no intention of running multiple virtual machines, turn off the feature in your BIOS immediately. You’ll regret it if you don’t.
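A quick way to find out whether your processor even advertises the extensions the post is talking about, before you go looking for the BIOS switch, is to read the CPU flags the kernel reports. The script below is an added example, not part of the original post; it assumes a Linux `/proc/cpuinfo` layout (a `flags` line of space-separated feature names), and reports `svm` for AMD-V (the "Pacifica" extensions), `vmx` for Intel VT-x, or `none`. Note that the flag tells you the silicon has the feature, not whether the BIOS has locked it off; on Linux the BIOS state only shows up when the kvm driver is loaded and refuses with a "disabled by bios" message.

```shell
#!/bin/sh
# Added example (not from the original post). Classify the hardware
# virtualization extension advertised in /proc/cpuinfo-style text on stdin.
# Prints exactly one of: svm (AMD-V), vmx (Intel VT-x), none.
virt_ext_from_cpuinfo() {
    # Take the flags line of the first processor entry only; every core
    # reports the same feature set, so one line is enough.
    flags=$(awk -F: '/^flags/ { print $2; exit }')

    # Pad with spaces so that "svm" matches only as a whole token and not
    # as a prefix of a neighbouring flag such as "svm_lock".
    case " $flags " in
        *" svm "*) echo svm ;;
        *" vmx "*) echo vmx ;;
        *)         echo none ;;
    esac
}

# Report on the machine the script is run on. Falls back to "unknown" on
# systems without /proc/cpuinfo (non-Linux), rather than guessing.
virt_report() {
    if [ -r /proc/cpuinfo ]; then
        virt_ext_from_cpuinfo < /proc/cpuinfo
    else
        echo unknown
    fi
}

# Usage when run directly: print the result for this host.
if [ "${0##*/}" = "virt_ext.sh" ]; then
    virt_report
fi
```

If the output is `svm` or `vmx` and you do not intend to run virtual machines, that is the cue to go into the BIOS setup and disable the extension, as the post recommends; `none` means there is nothing to switch off.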