Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Demystifying Modern Windows Rootkits

Black Hat via YouTube

Overview

Explore the intricacies of modern Windows rootkits in this Black Hat conference talk. Delve into the practical process of developing a rootkit, progressing from a basic "Hello World" driver to advanced techniques for manipulating the user-mode network stack through novel hooking methods. Gain insights into common malware patterns and understand the trade-offs between kernel-mode and user-mode malware implementation. Learn about various rootkit techniques, including abusing legitimate drivers, exploiting certificate vulnerabilities, and implementing communication methods with command and control servers. Discover how to intercept and manipulate network traffic, execute commands in both user and kernel modes, and leverage mini-filters for advanced functionality. Enhance your understanding of Windows security and malware analysis through this comprehensive exploration of rootkit development and its implications.

Syllabus

Intro
What Is This Talk About?
Windows Rootkits: An Overview
Example: Treatment by Anti-Virus
Abuse Legitimate Drivers
Just Buy a Certificate!
Abuse Leaked Certificates
Beacon Out to a C2
Open a Port
Application Specific Hooking
Choosing a Communication Method
Abusing Legitimate Communication
Hooking the Windows Winsock Driver
Standard Methods of Intercepting Irps
Hook a Driver's Dispatch Function
Abusing the Network
Parsing Packets: Design
Parsing Packets: Pre-Processing
Parsing Packets: Processing
Parsing Packets: Dispatching
Packet Handlers: XorPacketHandler
Executing Commands: User-mode
Executing Commands: Kernel-mode
Introduction to Mini-Filters
Become a Mini-Filter
Hook a Mini-Filter: Code Hook
Example: Abusing a Mini-Filter

Taught by

Black Hat

Reviews

Start your review of Demystifying Modern Windows Rootkits

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.