Endgame to Present at REcon 2016
Senior Vulnerability Researcher Will Explore ARM Debug Architecture and Shed New Light on Hardware-Assisted Rootkits
Arlington, VA -- June 14, 2016 -- Endgame, a leading provider of cybersecurity software solutions to hunt for advanced adversaries, today announced that Senior Vulnerability Researcher Matt Spisak will present at REcon 2016, the computer science security conference that focuses on reverse engineering and advanced exploitation techniques. Spisak’s talk, entitled “Hardware-Assisted Rootkits and Instrumentation: ARM Edition,” will take place on June 17th during the three-day conference in Montreal, Canada.
Security researchers have limited options when it comes to debuggers and dynamic binary instrumentation tools for ARM-based devices. During his presentation, Spisak will explore a common but often ignored feature of the ARM debug architecture, and delve into the unique use cases that this hardware component affords researchers, spanning instrumentation, rootkits, and exploit prevention.
In addition, Spisak’s presentation will:
- Introduce a prototype toolkit with an IDA plugin that can perform real-time tracing, code coverage analysis, and more on the Android kernel of COTS smartphones, without requiring virtualization extensions or special hardware.
- Compare implementations of this hardware unit across multiple chipset vendors, and discuss applicability to other ARM CPUs found in smartphones, such as WiFi and cellular basebands.
- Demonstrate how this debug interface can be turned into a hardware-assisted rootkit, with a prototype kernel-level Android rootkit.
- Detail a specific use-case for exploit mitigations on embedded systems.