Overview
Learn about modern Windows rootkit detection and analysis techniques in this 47-minute conference talk from BSidesCharm 2023. Explore how rootkit developers have adapted their methods in response to Windows 10's enhanced security features, focusing on kernel loading mechanisms, system control acquisition, and activity monitoring. Gain insights from Andrew Case, Director of Research at Volexity and core developer of the Volatility memory analysis framework, as he demonstrates practical approaches that combine memory forensics and event log analysis to detect these evolved threats. Drawing on his extensive experience in incident response and malware analysis, and on his co-authorship of "The Art of Memory Forensics," he presents real-world examples of modern rootkit techniques observed during enterprise-level investigations.
Syllabus
BSidesCharm 2023 - Detecting and Triaging Modern Windows Rootkits - Andrew Case
Taught by
BSidesCharm