The 2015 Pwnie Nominee For Most Innovative Research

Modern Platform-Supported Rootkits

Credit: Rodrigo Branco and Gabriel Barbosa

The presentation is innovative because it demonstrated the dangers of composed assumptions in modern computing environments. The presenters uncovered many hidden functionalities in the modern Intel architecture to prove their points. In the materials, they also released new techniques that make it impossible for software to defend itself because of decisions made by the hardware, and described how to avoid such confusion in the future. They unveiled new ways for malware to protect itself, splitting functionality, and ways to abuse platform capabilities to hook system properties. Finally, they expanded the current understanding of computer caches to a new level, using software-only ways to create cache async and bypass forensic tools (with demonstrable proof that previous research lacked).