I know it's annoying to hear this, but I'm going to keep saying it: this stuff is silly. The DLL injection stuff in the CIA leaks should embarrass the CIA. If you're calibrating your defenses based on the idea that application programs on Windows and OS X can defend against malware, you're playing to lose.

Here's the rootkits track from Black Hat 2008 - keep in mind that this is almost a decade old and that it's public work:

* A New Breed of Rootkit: The System Management Mode Rootkit
* Detecting And Preventing Xen Hypervisor Subversions
* Bluepilling (implementing a hypervisor rootkit) The Xen Hypervisor

If you summed all of it together, you're talking ~2.5 FTEs across 7 different research projects which we will very generously assume took a full year to develop (spoiler: no, none of them did). People who can write hypervisor rootkits command a pretty decent salary, but it's not 2x the prevailing SFBA senior salary. So this is at most mid-single-digit millions worth of work.

I don't know why the CIA has this team of people bumbling around with DLL injectors and AV bypasses. But the stuff in the CIA leaks is not the standard you need to be protecting yourself against. Maybe it's some weird turf thing they're doing against NSA?

There are two ways microcode goes on Intel CPUs.