Investigating Suspicious Kernel Threads on Linux! | DFIR

preview_player
Показать описание
Hello,
Kernel threads are not an exception for adversaries to leverege! As malware could be masqueraded kernel threads to evade the process forensics. By using some nnuances it can also be discovered. I tried explaining those processes in this video.

============
Time Frames
============
00:00 Intro
00:33 Explaining the kernel threads & its properties
19:28 Pragmatic approach to spot malware masqueraded as kernel thread
49:11 Outro

==============
Connect Me On
==============

#kernelthread #dfir #memoryforensics
  1. Perumal Jegan
Рекомендации по теме
Investigating Suspicious Kernel 0:50:22

Investigating Suspicious Kernel Threads on Linux! | DFIR

How to know 0:10:19

How to know if your PC is hacked? Suspicious Network Activity 101

Andrew Ruddick - 0:40:00

Andrew Ruddick - Exploring a New Class of Kernel Exploit Primitive

Race For Root: 0:54:42

Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit (SHA2017)

ZeroAccess kernel-mode rootkit 0:04:07

ZeroAccess kernel-mode rootkit infection - an ECAT analysis

The Art of 0:32:27

The Art of Exploiting UAF by Ret2bpf in Android Kernel

Kernel-Mode Rootkit Analysis 0:10:17

Kernel-Mode Rootkit Analysis

Four Bytes of 0:34:05

Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux Kernel

Monitor Thread CPU 0:01:39

Monitor Thread CPU Performance

How Hackers Bypass 0:19:38

How Hackers Bypass Kernel Anti Cheat

CNIT 126 10: 0:48:57

CNIT 126 10: Kernel Debugging with WinDbg

Collecting and Hunting 0:22:47

Collecting and Hunting for Indications of Compromise with Gusto and Style! - Threat Hunting

USENIX Security '21 0:12:22

USENIX Security '21 - SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening

Demystifying Modern Windows 0:31:23

Demystifying Modern Windows Rootkits

Hunting for IOCs 0:22:47

Hunting for IOCs with Gusto and Style!: Threat Hunting Summit 2016

Unveiling the kernel: 0:30:25

Unveiling the kernel: rootkit discovery using selective automated kernel memory differencing

Khang Nguyen - 0:30:34

Khang Nguyen - Lessons Learned from a Red Teamer's Journey into the Kernel

YVR18-308:Kernel Bugs and 1:04:55

YVR18-308:Kernel Bugs and Regressions Debugging Best Practices

The Arms Race 0:36:15

The Arms Race of Evasion: Examining Evolving Evasion Techniques in Incident Response

Black Ops 6: 0:16:11

Black Ops 6: MASSIVE UPDATES & CHANGES REVEALED! New ANTI-CHEAT UPDATE, MAJOR FIXES, & More!

Practical Linux Incident 0:16:29

Practical Linux Incident Response | Unauthorized User Access

Practical Memory Forensics 0:31:52

Practical Memory Forensics - Volatility (Part 2) //WannaCry //Banking_Trojan

RSA ECAT Advanced 0:07:09

RSA ECAT Advanced Threat Scenario: Malware Investigation on Endpoints

Kernel-Only Mouse CS:GO 0:00:18

Kernel-Only Mouse CS:GO Cheat - FULL Humanizer Test (fantasy.aurora - fantasy.cat)