The evolution in defensive software is really connected to the evolution of the modern threat landscape. Each new iteration of evolution is focused to cover specific gaps in detection methods or algorithms of data collection. The main direction of advanced threats like rootkits or bootkits has been always beneficial from persistent methods to be closer to the hardware and firmware levels. As much as modern operating systems evolving in the direction of building more mitigations to increase the cost of exploitation and malware persistent, as much advanced threat actors looking more for the next lowest level of persistent.

This talk will look over the prism of the evolution of advanced threats to evolution or lack of evolution of the tools for forensics and reverse engineering. During the talk, we will dig deeper into modern gaps to try to find the solution to improve visibility and prevent advanced threat actors coming from the levels where security sensors not exist.