Detecting and Triaging Modern Windows Rootkits

Overview

Learn about modern Windows rootkit detection and analysis techniques in this 47-minute conference talk from BSidesCharm 2023. Explore how rootkit developers have adapted their methods in response to Windows 10's enhanced security features, focusing on kernel loading mechanisms, system control acquisition, and activity monitoring. Gain insights from Andrew Case, Director of Research at Volexity and core developer of the Volatility memory analysis framework, as he demonstrates practical approaches combining memory forensics and event log analysis to detect these evolved threats. Drawing from his extensive experience in incident response and malware analysis, and his co-authorship of "The Art of Memory Forensics," discover real-world examples of modern rootkit techniques observed during enterprise-level investigations.

Syllabus

BSidesCharm 2023 - Detecting and Triaging Modern Windows Rootkits - Andrew Case

Taught by

BSidesCharm

Reviews

Start your review of Detecting and Triaging Modern Windows Rootkits

From Zero to Cybersecurity Analyst

Most common

Popular subjects

Popular courses

Detecting and Triaging Modern Windows Rootkits

Overview

Syllabus

Taught by

Reviews

From Zero to Cybersecurity Analyst

Taught by

Getting Started with Memory Forensics Using Volatility

Windows Forensics and Tools

Computer Forensics and Digital Forensics Masterclass PRO+

Digital Forensics Masterclass : Forensic Science DFMC+ DFIR

Computer Hacking and Forensics

Everyday Digital Forensics

Never Stop Learning.