Myvideo

Guest

Login

Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation

Uploaded By: Myvideo
1 view
0
0 votes
0

...Our presentation will explore a full-chain Windows kernel post-exploitation scenario, where we discovered and weaponized a Windows 0-day vulnerability to load our kernel rootkit. Once loaded, we will demonstrate how Direct Kernel Object Manipulation (DKOM) can be utilized to dynamically alter OS telemetry/sensor visibility, thereby rendering endpoint security solutions ineffective. Additionally, we will showcase a number of advanced attacks, such as employing Network Driver Interface Specification (NDIS) modules to disrupt EDR cloud telemetry or establish covert persistence channels or directly read memory-resident keyboard states in the Kernel for high-performance global keylogging.... By: Ruben Boonen , Valentina Palmiotti Full Abstract and Presentation Materials: #close-encounters-of-the-advanced-persistent-kind-leveraging-rootkits-for-post-exploitation-32913

Share with your friends

Link:

Embed:

Video Size:

Custom size:

x

Add to Playlist:

Favorites
My Playlist
Watch Later