Papers

White papers can be accessed by contacting us. Academic papers are publicly available.

White Papers

File
Clear Hat Consulting's APERTURE technology can be thought of as a chipset level firewall that sits between the Operating System and the physical hardware to provide protection against advanced forms of exploitation.
File
This whitepaper provides a brief overview of the chipset attack surface and discusses how Clear Hat Consulting's APERTURE technology provides defense against advanced persistent threats that are difficult to detect and eradicate using most of today's anti-virus and intrusion protection systems.
File
Recent news has highlighted the discovery of malicious disk firmware believed to be a product of the NSA with over 500 victims identified so far. Clear Hat Consulting's APERTURE technology can firewall the SATA disk controller to prevent compromises of the disk firmware and the misuse of low level disk commands.
File
Clear Hat Consulting's "DMA Firewall" technology uses I/O virtualization to mitigate supply chain vulnerabilities by reducing the ability of a compromised DMA capable peripheral to maliciously interact with memory on the host computer system.

Academic Papers

93.57 KB PDF
A Usenix Login 2004 article describing the convergence of rootkit technology and spyware.
557.04 KB PDF
A BlackHat 2005 presentation describing a method to desynchronize the instruction and data caches of the TLB to cloak malicious code. These are not the codes you're looking for ...
375.74 KB PDF
An ACSAC 2007 paper describing intelligent 'fuzzing' with genetic algorithms utilizing a Dynamic Markov Model fitness heuristic.
334.61 KB PDF
A SecureComm 2008 paper describing a proof-of-concept rootkit residing in SMM space.
833.30 KB PDF
An ASIACCS 2009 paper describing a chipset-level network backdoor that interacts directly with hardware to bypass all host based firewall and IDS software.