Peter Silberman: RAIDE: Rootkit Analysis Identification Elimination v 1.0

Published: June 4, 2006, 11:10 p.m.

In the past couple of years there have been major advances in the field of rootkit technology, from Jamie Butler and Sherri Sparks' Shadow Walker to FU. Rootkit technology is growing at an exponential rate and is becoming an everyday problem: spyware and botnets, for example, are using rootkits to hide their presence. During the same time, there have been few public advances in the rootkit detection field since the conception of VICE. The detection that is out there only meets half the need, because each tool is designed to detect a very specific threat. After three years, it's time for another run at rootkit detection.

This presentation will review the state of the industry in rootkit detection, which includes previously known ways to detect rootkits and hooks. It will be shown how the current detection is inadequate for today's threat, as many detection algorithms are being bypassed. The talk will outline what those threats are and how they work. The presentation will then introduce the RAIDE (Rootkit Analysis Identification Elimination) tool and detail RAIDE's unique features, such as unhiding hidden processes, showing new ways to detect hidden processes, and restoring non-exported ntoskrnl functions.

The talk will conclude with a demonstration, which at Black Hat Europe included five rootkits, one virtual machine, two kernel-level debuggers, and RAIDE running happily on top of them all.

Peter Silberman has been working in the computer security field for a number of years, specializing in rootkits, reverse engineering and automated auditing solutions. Peter was employed at HBGary during the summer of 2005; during the year, however, Peter is an independent security researcher who tries to contribute to openRCE.org in his spare time. Peter is currently a sophomore at a liberal arts school, where he tries not to let education interfere with his learning. Peter, if not behind a computer or power tools, can be found behind a pong table mastering his skills.

Jamie Butler is the Chief Technology Officer at Komoku, Inc. He has almost a decade of experience researching offensive security technologies and developing detection algorithms. Mr. Butler spent the first five years of his career at the National Security Agency. After that, he worked in the commercial sector as the lead kernel developer on a Windows host intrusion detection system. Mr. Butler was also the Director of Engineering at HBGary, Inc., focusing on rootkits and other subversive technologies. Mr. Butler has a Master's degree in Computer Science from the University of Maryland and a B.B.A. and B.S. from James Madison University. He is the co-author and teacher of "Offensive Aspects of Rootkit Technologies" and co-author of the recently released bestseller "Rootkits: Subverting the Windows Kernel." Mr. Butler has authored numerous papers appearing in publications such as the "IEEE Information Assurance Workshop", "USENIX login", "SecurityFocus", and "Phrack". He is a frequent speaker at computer security conferences such as the Black Hat Security Briefings and has appeared on Tech TV and CNN.

Before that, Mr. Butler was the Director of Engineering at HBGary, Inc., specializing in rootkits and other subversive technologies. He is the co-author and a teacher of "Aspects of Offensive Rootkit Technologies" and co-author of the newly released bestseller "Rootkits: Subverting the Windows Kernel", due out late July. Prior to accepting the position at HBGary, he was a senior developer on the Windows Host Sensor at Enterasys Networks, Inc. and a computer scientist at the NSA. He holds an MS in CS from UMBC and has published articles in the IEEE IA Workshop proceedings, Phrack, USENIX login, and Information Management and Computer Security. Over the past few years his focus has been on Windows servers, concentrating on host-based intrusion detection and prevention, buffer overflows, and reverse engineering. Jamie is also a contributor at rootkit.com.