cool boot: it's cool!


Upload: navajanegra

Post on 20-Jun-2015

TRANSCRIPT

2. Navaja negra conference @nn2ed_s4ur0n cool boot: it's cool
   Cool Boot attack
   - Based on exploiting the persistence of RAM by cooling it
   - Presented in 2008 by Princeton University
   - https://citp.princeton.edu/research/memory

3. Background
   - RAM (Random Access Memory) is a volatile storage medium
   - When it loses electrical power, it erases the information it stores

4. What is persistence?
   - It is defined as the ability of a machine to retain information even after the machine has been powered off
   - The materials that memory modules are made of have persistence

5. What is persistence?
   - Under normal conditions (~25 °C), memory can take between 30 seconds and 2 minutes to erase the information completely
   - This time can be extended by cooling the memory

6. What is persistence?
   - Cooling down to -50 °C with ordinary products gives persistence times of up to 10 minutes (in theory)
   - With liquid nitrogen, times of 30 minutes have been achieved

7. Data degradation
   - Room temperature (25 °C)
   - [Figure panels: 5 seconds, 30 seconds, 60 seconds, 300 seconds]

8. Cooling the RAM
   - Monitoring software: http://openhardwaremonitor.org
   - There is no temperature sensor built into the hardware
   - IR thermometers or pyrometers

9. Cooling the RAM
   - Difficulty of physical access to the modules

10. Cooling with household products
   - Compressed-air spray for cleaning components
   - From 1 euro to 12 euros
   - Efficient

11. Cooling with household products
   - Cloretilo Chemirosa
   - Composition: ethyl chloride
   - Local anesthetic
   - Requires a medical prescription
   - About 4 euros/100 ml
   - Medium efficiency

12. Cooling with household products
   - Freezer spray for electronic circuits
   - About 10-15 euros
   - -42 °C to -52 °C
   - Very efficient

13. And the winner is...
   - Fault-finder spray
   - Cools down to -49 °C
   - Non-conductive
   - Between 6 and 32 minutes

14. Procedure
   - Normal use of the machine
   - Cool the RAM
   - Power the machine off completely
   - Power the machine on
   - Dump all of the RAM bit by bit
   - Forensic analysis of the RAM dump

15. Cold boot
   - Code available at https://citp.princeton.edu/research/memory/code/
   - Boot via PXE and USB
   - EFI boot
   - x86-64 versions

16. USB RAM Dumper
   - Modification of the original code from http://www.mcgrewsecurity.com/tools/msramdmp/
   - Boots from USB
   - Everything integrated on the device

17. USB RAM Dumper
   - RAM memory map (x86 real mode)

18. USB RAM Dumper
   - Pendrive without partitions

19. USB RAM Dumper
   - Completely wipe the information (and go have a coffee)

20. USB RAM Dumper
   - Partition the pendrive

21. USB RAM Dumper
   - The partitions once created

22. USB RAM Dumper
   - Create a DOS file system

23. USB RAM Dumper
   - Compile syslinux 3.61

       wget https://www.kernel.org/pub/linux/utils/boot/syslinux/3.xx/syslinux-3.61.tar.gz
       tar zxvf syslinux-3.61.tar.gz
       cd syslinux-3.61

24. USB RAM Dumper

       make clean
       make install
       ls -l mbr

25. USB RAM Dumper
   - Copy the compiled MBR to the USB drive

       dd if=mbr/mbr.bin of=/dev/sdc

26. USB RAM Dumper
   - Install syslinux on the USB drive

       cd unix
       ./syslinux /dev/sdc1

27. USB RAM Dumper
   - Compile USB RAM Dumper

       cd usbramdumper
       ./compile.sh

28. USB RAM Dumper

29. USB RAM Dumper
   - Copy to the USB drive

       mount /dev/sdc1 /mnt
       cp usbramdp.c32 /mnt
       cp syslinux.cfg /mnt
       umount /dev/sdc1

30. DEMO

31. Cool Boot attack
   - Insert the USB drive into the target machine
   - Perform a Cool Boot (with no battery or mains power)
   - Boot from USB
   - Automatic dump of the data to the first free partition on the USB drive
   - 8192 bytes per block

32. Forensic analysis

       dd if=/dev/sdX1 of=/tmp/memory.dmp

   - strings
   - rsakeyfind
   - aeskeyfind
   - foremost
   - volatility
   - Etc.

33. DEMO

34. Countermeasures
   - ECC memory
   - Memory test in the BIOS at boot
   - Split private keys
   - Different private keys
   - Different partitions
   - Etc.

35. Questions
   PEDRO CANDEL, Security Researcher, @nn2ed_s4ur0n
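
An added example, not part of the original slides: one way to read the "split private keys" countermeasure on slide 34 is to keep a key at rest only as K XOR SHA-256(B), with B a large random buffer, so that the partial decay illustrated on slide 7 is enough to make the key unrecoverable. The buffer size, decay rate and function names are assumptions of this example, and decay is simplified to 1 bits falling to 0.

```python
import hashlib
import random

BUF_BYTES = 4096  # size of the random masking buffer B (assumed value)

def rand_bytes(n, rng):
    return bytes(rng.getrandbits(8) for _ in range(n))

def mask_key(key, rng):
    """Return (B, K xor SHA-256(B)); the raw key K itself is not kept."""
    buf = rand_bytes(BUF_BYTES, rng)
    pad = hashlib.sha256(buf).digest()
    return buf, bytes(k ^ p for k, p in zip(key, pad))

def unmask_key(buf, masked):
    """Recompute SHA-256(B) and strip it from the stored value."""
    pad = hashlib.sha256(buf).digest()
    return bytes(m ^ p for m, p in zip(masked, pad))

def decay(data, rate, rng):
    """Simplified remanence loss: each 1 bit drops to 0 with probability rate."""
    out = bytearray(data)
    for i in range(len(out)):
        for bit in range(8):
            if (out[i] >> bit) & 1 and rng.random() < rate:
                out[i] &= ~(1 << bit) & 0xFF
    return bytes(out)

def bit_errors(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def demo(rate=0.001, seed=1):
    """Return (bit errors in a plain key, bit errors in a masked key) after decay."""
    rng = random.Random(seed)
    key = rand_bytes(32, rng)          # constructed 256-bit sample key
    plain_after = decay(key, rate, rng)
    buf, masked = mask_key(key, rng)
    recovered = unmask_key(decay(buf, rate, rng), decay(masked, rate, rng))
    return bit_errors(key, plain_after), bit_errors(key, recovered)

if __name__ == "__main__":
    plain, masked = demo()
    print("plain key bit errors after decay: ", plain)
    print("masked key bit errors after decay:", masked)
```

At a 0.1% decay rate the plain key usually survives intact or nearly so, while the masked key comes back with roughly half its bits wrong because at least one bit of B has flipped. The protection applies only while the key is stored masked, not while it is loaded for use.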