Core Security Experts to Deliver Highly Pervasive Threat Research at Black Hat 2009

CORE SECURITY EXPERTS to deliver highly pervasive threat research AT BLACK HAT USA 2009

Leading Security Experts to Showcase Dramatic Rootkit
Affecting Millions of Laptops

BOSTON, MA – July 29, 2009 - Core Security Technologies, provider of CORE IMPACT solutions for comprehensive enterprise security testing, today announced that a pair of its respected CoreLabs security researchers will serve as featured speakers during the Black Hat USA 2009 conference, taking place July 25 to July 30 at Caesars Palace, Las Vegas.

The CoreLabs security researchers, Alfredo Ortega and Anibal Sacco, will present research about a newly discovered rootkit technique affecting millions of mobile computers that could leave the devices and their users exposed to potential compromise and remote control at the hands of attackers.

Building on some of the same BIOS research that won CoreLabs researchers widespread acclaim at the CanSecWest Conference earlier in 2009, the latest discovery is one that should be of concern to almost anyone carrying a laptop or notebook made by some of the world’s largest PC manufacturers today.

What: “Deactivate the Rootkit”

When: Thursday, July 30, 2009; 10:00 a.m. - 11:00 a.m. PT

Where: Roman Ballroom, Caesars Palace

Who: Alfredo Ortega and Anibal Sacco, Core Security Exploit Writers

Presentation Details:

Rootkits represent one of the most dangerous breeds of electronic attack in the world today, as they are designed to conceal their presence on an affected  system while allowing outsiders “unauthorized” access to the machine. Additionally, rootkits are difficult for users to stop or detect once successfully executed on the device.

There are three things that you should know about the newly-unearthed technique discovered by CoreLabs researchers that will be detailed in the presentation “Deactivate the Rootkit:”

  1. If you have a notebook computer, you probably have the rootkit.
  2. You can’t erase the rootkit, but you should know how to deactivate it.
  3. You should also know how someone else may activate it, repeatedly.

While sophisticated rootkits are very common in targeting most of today’s popular operating systems, including Windows, Linux, Unix and any variant of those platforms, consider a rootkit that transcends a device’s operating system and can tap into the deepest levels of its firmware, giving attackers the ability to take almost complete control of the system -- and to turn the rootkit on and off remotely, at their will.

Furthermore, consider that the very capabilities of this rootkit, and the near impossibility of completely turning it off, are based on legitimate functions built into the affected computers by their manufacturers – features that would make this rootkit, if executed, a truly dangerous and persistent threat to anyone carrying an affected device.

Ortega and Sacco will demonstrate precisely all of the above, and more, in their brief presentation about BIOS anti-theft technology used in many modern laptop and desktop computers. The CoreLabs researchers’ discovery demonstrates that sometimes, even when working in the name of trying to secure a device or system, new ways of allowing attackers to have their way with ubiquitous technologies are created.

For more information about the presentation or to schedule meetings with Core Security’s experts at Black Hat USA 2009, please contact Tim Whitman or Justin Drake at 781-684-0770 or via email at:  


About Core Security Technologies

Core Security Technologies is the leader in comprehensive penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at


Tim Whitman or Justin Drake

Schwartz Communications 

781 684-0770

Wed, July 29