- Mar 30, 2016
Rootkits: What they are, and how to find them | 5.44GB
This will be a very hands-on class where we talk about specific techniques that rootkits use, and then do labs where we show how a proof-of-concept rootkit is able to hide things from a defender.
Example techniques include:
- Import Address Table (IAT) hooking
- System Call Table/System Service Descriptor Table (SSDT) hooking
- Interrupt Descriptor Table (IDT) hooking
- Direct Kernel Object Manipulation (DKOM)
- Kernel Object Hooking (KOH)
- IO Request Packet (IRP) filtering
- Hiding files/processes/open ports
- Compromising the Master Boot Record (MBR) to install a "bootkit"
The class will help the student learn which tools to use to look for rootkits on Windows systems, how to evaluate the breadth of a tool's detection capabilities, and how to interpret tool results.