DEF CON Safe Mode - Bill Demirkapi - Demystifying Modern Windows Rootkits

preview_player
Показать описание
This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode.

We'll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we'll look into the drawbacks ranging from usability to detection vectors. The best part? We'll do this all under the radar, evading PatchGuard and anti-virus.
  1. DEFCONConference
  2. DEF
  3. CON
  4. DEFCON
  5. DEF CON
  6. hacker conference
Рекомендации по теме
DEF CON Safe 0:00:49

DEF CON Safe Mode

DEF CON Safe 0:42:43

DEF CON Safe Mode - Elie Bursztein - A Hacker’s Guide to Reducing Side Channel Attack Surfaces

DEF CON Safe 0:42:42

DEF CON Safe Mode - Christopher Wade - Beyond Root

DEF CON Safe 0:23:50

DEF CON Safe Mode Password Village - Getting Started with Hashcat

DEF CON Safe 0:24:10

DEF CON Safe Mode - The Dark Tangent and Lostboy - Welcome to DEF CON Safe Mode and Badge Talk

DEF CON Safe 0:45:21

DEF CON Safe Mode Recon Village - Levi - Ambly the Darknet Spider

DEF CON Safe 0:23:54

DEF CON Safe Mode Password Village - PNI - Getting Started With Hashcat

DEF CON Safe 0:58:12

DEF CON Safe Mode - Mickey Shkatov and Jesse Michael - Bytes In Disguise

DEF CON Safe 0:36:26

DEF CON Safe Mode - Patrick Kiley - Reverse Engineering a Tesla Battery Mgmt. System for Moar Power

DEF CON Safe 0:32:08

DEF CON Safe Mode Lock Bypass Village - Bill Graydon - OSINT of Facilities by Physical Recon

DEF CON Safe 0:31:17

DEF CON Safe Mode - Peleg Hadar and Tomer Bar - After Stuxnet Printing still the Stairway to Heaven

DEF CON Safe 0:48:02

DEF CON Safe Mode AppSec Village - Mehmet D Ince - A Heaven for Hackers: Breaking a Web Security

DEF CON Safe 0:45:03

DEF CON Safe Mode - ayoul3 - Only Takes a Spark Popping a Shell on 1000 Nodes

DEF CON Safe 0:37:23

DEF CON Safe Mode Biohacking Village - Bryson Bort - MedICS

DEF CON Safe 0:38:19

DEF CON Safe Mode - Eyal Itkin - Dont Be Silly It's Only a Lightbulb

DEF CON Safe 0:27:50

DEF CON Safe Mode Aerospace Village What I Learned Trying to Hack a 737

DEF CON Safe 0:39:30

DEF CON Safe Mode - Gal Zror - Don't Ruck Us Again The Exploit Returns

DEF CON Safe 0:57:26

DEF CON Safe Mode Red Team Village - Chris Kubecka - Pwn the World

DEF CON Safe 0:18:51

DEF CON Safe Mode - Slava Makkaveev - Pwn2Own Qualcomm Compute DSP for Fun and Profit

DEF CON Safe 0:51:11

DEF CON Safe Mode Ham Radio Village - Pancake - So you have an SDR

DEF CON Safe 0:26:59

DEF CON Safe Mode - Yamila Levalle - Bypassing Biometric Systems with 3D Printing

DEF CON Safe 0:38:30

DEF CON Safe Mode - Bill Demirkapi - Demystifying Modern Windows Rootkits

DEF CON Safe 0:44:10

DEF CON Safe Mode - Shlomi Oberman, Moshe Kol, Ariel Schön - Hacking the Supply Chain

DEF CON Safe 1:00:45

DEF CON Safe Mode Red Team Village - Jonathan Helmus - Student Roadmap to Becoming a Pentester

Комментарии
Автор

Bill amazing talk. I love the clarity of your thinking process and how well you articulated it. Absolutely brilliant!

williamfasoli
Автор

Sitting here with a masters in cyber security and getting schooled by a 19 year old kid on windows rootkits.. #feelsbadman

camarada
Автор

I feel like we're gonna be seeing this kid again at DEFCON.

ben-brady
Автор

Great talk! Learned a lot. The applications for some of these concepts are really cool.

I discovered you via your cyberpatriot writeup a while back and its really cool to see you doing a defcon talk.

anthonything
Автор

Microsoft security team furiously taking notes I imagine

jonathanacosta
Автор

Great talk. Even if i just understood "root kit" it was very clear and informative. Like the format with good picture and quality compared to previous Def Con live talks Will look at some more presentations .. Good job (Y)

badermeinhof
Автор

Idk if anyone can help me, but can anyone list down any resources on how to take control of hypervisors? Thx

Capsayin
Автор

Seriously, who put a thumbs down? Did they miss the other button?

jaredtownsel
Автор

i now feel stupid. You man are amazing

juandiego
Автор

Wow that was a really nice, clear and interesting presentation. Thanks for sharing this video.
BTW, does anybody have the presentation pages for recap?

itaybarok
Автор

A lot of malware still uses plaintext HTTP to communicate with C2, at least the lame shit. Rarely will a hacker bother to write a rootkit, but if you get compromised by one it's game over.

deepdivedisco
Автор

Currently dealing with this. Pretty sure someone i pissed of in "Elyon" sharked it cause theres very few ppl who play it and did exactly this to my comp

tsmith