
“Demystifying Modern Windows Rootkits” – Bill Demirkapi – BH2020

August 12, 2020

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “Hello World” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode. We’ll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we’ll look into the drawbacks ranging from usability to detection vectors. The best part? We’ll do this all under the radar, evading PatchGuard and anti-virus. Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.

Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4


Hosts

Paul Asadoorian - Founder & CTO

Guests

Bill Demirkapi - Security Researcher

Audio: http://traffic.libsyn.com/sw-all/HSC_Day_2_Bill_Demirkapi-0_converted.mp3