Jump to content
Tuts 4 You

Stoned Bootkit

Teddy Rogers

About This File

Stoned Bootkit is a research and scientific bootkit. It is loaded before Windows starts and is memory resident. Thus Stoned is executed beside the Windows kernel and has full access to the entire system. It gives the user back the control to the system, which was taken off by Windows Vista with the signed driver policy.

Stoned allows to load unsigned drivers, which is useful for hardware engineers and testers. You can also use it to create your own boot application, for example diagnostic tools or other solutions like backup, system restoration, etc.

The new thing about Stoned is that there is now a bootkit attacking all Windows versions from XP up to 7 and bypassing TrueCrypt's full volume encryption. Previous bootkits like the BootRoot which was presented at Black Hat USA 2005 or vbootkit from Black Hat Europe 2007 were only dedicated operating system attacks; however, my bootkit is now attacking multiple systems. I want to point out that my bootkit is not based on any other; however, there is great research work from other researchers and Black Hat speakers available.

Finally it is Stoned's one and single target to be the most sophisticated bootkit. It can also be used for malware developers to get full access to the system. It should be the most used bootkit in the wild for 2010. If you have any questions or concerns, please do not hesitate to contact me.

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...