Rootkits: What They Are, and How to Find Them

ShmooCon IX - 2013

Presented by: Xeno Kovah
Date: Saturday February 16, 2013
Time: 16:30 - 17:50
Location: Congressional C
Track: Train the Trainer

http://opensecuritytraining.info/Rootkits.html

Assumes: Some Intro/Intermediate x86 & Life of Binaries knowledge (primarily assembly, interrupts, IAT)

Teaches: How stealth malware techniques work, and specific tools that reveal hidden malware attributes. Specifically, we discuss Windows userspace and kernel malware that uses inline, IAT, IDT, SSDT, and IRP hooks, as well as DKOM, KOH, and bootkits.

Xeno Kovah

Xeno Kovah graduated from the CMU SFS program in 2007 and has been leading a team focusing on sophisticated stealth malware detection (in userspace, kernel, and firmware) and trusted computing at MITRE since 2009. But he's been attending cons since 1999, back before The Shmoo Group had even made a splash at Defcon with their wireless shenanigans. ;) Xeno started OpenSecurityTraining.info in 2011 to host his like-minded colleagues' open source training materials, and he's always looking for new contributors.
