Multiplatform Malware - many of us have heard that term. Discussions on this matter arose a few month ago and they didn't cease yet. But while many people have taken interest in this matter there still isn't much of a common sense around. The time has come to change this! In this speech you will learn about
a) the current status of multiplatform malware
b) the possibilities multiplatform malware opens up for an attacker
c) different kinds of multiplatform malware
d) how to easily implement multiplatform malware using runtime frameworks You will also see a live demonstration of multiplatform malware while it's in action hopping between multiple operating systems with ease.
Multiplatform malware is here to stay. And it will be a blast to computer security once it starts to strike. Many systems we presently consider "secure" will be broken, many basic concepts of security will be circumvented. If we don't want to be on lost stands as defenders once that happens - or if we want to ride the wave as attackers - we'll have to act now. Let's create the common sense the community has long waited for! Let's discover what is possible and where fiction starts! Let's all make this fairly new technique blossom or explode - whichever you prefer.
"Born in 1988 I am currently finishing German higschool and will have it finished by the time Defcon starts. Due to my young age my biography is quite short. I have made contact with computers at an early age and from thereupon further and further developed my interest in the matter. I started simple programming at the age of 12, created my first commercial website at 15 and started administrating Linux systems when I was 16 years old. In short: The typical way of the common computer freak. Four years ago I have started to focus on computer and network security. Even though this might not be a long time in terms of computer security veterans I still managed to archive many things during this period. I have published several articles in the international hakin9 magazine including:
XSS ? Cross-Site Scripting (American edition 2/2007)
XSS ? Cross-Site Scripting (German edition 1/2007 own translation) XSS ? Attaque Cross-Site Scripting (French edition 1/2007 editor's
translation)
XSS ? Cross-Site Scripting (Spanish edition 2/2007 editor's translation) 'toky XSS (Czech edition 2/2007 editor's translation) Fuzzing ? Teil 1 (German edition 1/2007) Fuzzing ? Teil 2 (German edition 2/2007) Fuzzing (American edition 3/2007 own translation ? merge of the two German versions)
RFID- and Smartcard-security (German edition 2/2007)
Hardening with GRSecurity (German edition 2/2007)
Malware im .NET-Framework (German edition 4/2007)
Malware within the .NET-framework (American edition 5/2007 own translation)