Vigyata.AI
Is this your channel?

DEF CON 33 - Infecting the Boot to Own the Kernel - Alejandro Vazquez, Maria San Jose

1.6K views· 53 likes· 39:29· Oct 10, 2025

Bootkits and Rootkits represent some of the most complex and stealthy forms of malware, capable of achieving full system control before and after the OS is loaded. While often discussed in theory, their actual construction, interaction, and execution flow remain mostly hidden from public view. This talk sheds light on how these implants are built and how their components interact across boot stages and kernel space. We'll explore the internals of a fully functional UEFI Bootkit and Kernel-mode Rootkit, examining their modular design, runtime interactions, and the mechanisms used to hook critical parts of the Windows boot chain. Attendees will see how these implants operate across pre-boot and post-boot phases, including early internet connectivity from firmware, dynamic payload delivery, runtime service hooking, deep kernel control, and advanced capabilities like hiding files, processes, and network activity, blocking traffic, capturing keystrokes, and maintaining command and control directly from kernel space. Everything shown on stage will be yours to explore: a complete Bootkit and Rootkit framework, fully customizable and ready to simulate real threats, test defenses, or build something even stealthier.

🎬 More from DEFCONConference