This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “Hello World” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode. We’ll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we’ll look into the drawbacks ranging from usability to detection vectors. The best part? We’ll do this all under the radar, evading PatchGuard and anti-virus. Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.
Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4Full Episode Show Notes
|[caption id="attachment_210" align="alignleft" width="120"] Paul Asadoorian - Founder & CTO[/caption]|
|[caption id="attachment_210" align="alignleft" width="120"] Bill Demirkapi - Security Researcher [/caption]|