Demystifying Modern Windows Rootkits

Black Hat via YouTube

Class Central Classrooms

YouTube playlists curated by Class Central.

Classroom Contents


  1. Intro
  2. What Is This Talk About?
  3. Windows Rootkits: An Overview
  4. Example: Treatment by Anti-Virus
  5. Abuse Legitimate Drivers
  6. Just Buy a Certificate!
  7. Abuse Leaked Certificates
  8. Beacon Out to a C2
  9. Open a Port
  10. Application Specific Hooking
  11. Choosing a Communication Method
  12. Abusing Legitimate Communication
  13. Hooking the Windows Winsock Driver
  14. Standard Methods of Intercepting IRPs
  15. Hook a Driver's Dispatch Function
  16. Abusing the Network
  17. Parsing Packets: Design
  18. Parsing Packets: Pre-Processing
  19. Parsing Packets: Processing
  20. Parsing Packets: Dispatching
  21. Packet Handlers: XorPacketHandler
  22. Executing Commands: User-mode
  23. Executing Commands: Kernel-mode
  24. Introduction to Mini-Filters
  25. Become a Mini-Filter
  26. Hook a Mini-Filter: Code Hook
  27. Example: Abusing a Mini-Filter
