Learn to detect ACPI rootkits through this conference talk that introduces an open-source scanning tool designed for firmware security analysis. Discover how the tool constructs a typed Abstract Syntax Tree (AST) using a custom Tree-Sitter grammar, matches malicious behaviors through declarative ast-grep rules, and applies arithmetic and boolean logic to captured values via YAML-based rule patterns. Explore the practical workflow of ACPI analysis, understand the scanner's architecture, and master techniques for extending detection rules to identify sophisticated firmware-level threats. Gain insights into low-level systems security from Manuel Gil Cernich, a Detection Engineer at Eclypsium specializing in firmware security, as he demonstrates real-world applications of this detection methodology for identifying rootkits that operate at the ACPI level.