14. Alessandro Magnosi: Leveraging Emulated Read-Only Filesystems and NTFS Glitches for Inf. & Pers.

Published: 03 October 2024
on channel: x33fcon

What if Stuxnet were implemented today? Join our talk as we explore this scenario, diving into strange NTFS weaknesses, emulated filesystem abuses, and modern cyber tactics. Discover how attackers could reshape a Stuxnet-like attack today, and how defenders can effectively defend against it.

In homage to one of the most intricate cyberattacks ever recorded, our presentation titled "Resurrecting Stuxnet" explores contemporary strategies that emulate the intricate and covert nature of the Stuxnet worm. This exploration specifically focuses on exploiting vulnerabilities in emulated read-only filesystems and NTFS glitches. We commence with a swift analysis of Stuxnet's operational mechanisms, setting the stage for a discussion on analogous modern techniques.
Since 2011, the Windows ecosystem has undergone significant changes, rendering some of the attack strategies used by Stuxnet considerably more challenging. In our presentation, we will explain attacks like the Bring-Your-Own-Vulnerable-Driver (BYOVD) and examine the impact of robust security measures like Device Guard Signature Enforcement (DSE) and Hypervisor-protected Code Integrity (HVCI).
Expanding upon this groundwork, we introduce an innovative attack method that capitalizes on unaddressed weaknesses in emulated, read-only file systems, challenging several accepted security assumptions. This strategy allows attackers to subtly deploy and sustain malicious drivers or software, echoing the stealth tactics utilized by Stuxnet. Furthermore, we will explore unpublished NTFS glitches that allow an attacker to perform a full cleanup of the attack traces without losing persistence within the system.
In conclusion, we will discuss the creation of new indicators of compromise (IOCs) specifically designed to detect the types of attacks we outline. By drawing comparisons to Stuxnet and adapting its methodologies to contemporary technologies, our presentation strives to offer a compelling narrative of what a modern-day Stuxnet-style attack might look like. Additionally, it aims to provide insights about less recognized filesystem weaknesses, highlighting their potential complexities and the challenges they pose to defenders.
