Creating stealthy rootkits that help red teams remain persistent, evade EDRs, and connect to your existing C2 environment. The talk will also help blue teams detect the complex threats described above. Explanations will be accompanied by code examples and demos.
Presentation Outline
1. Rootkit methodologies: Demonstrate several interesting capabilities of rootkits, such as hiding an injected DLL, dumping credentials from the kernel, and removing kernel callbacks of AVs/EDRs.
2. Real-world scenario - Integration with Mythic C2: Showcasing real-world usage with Mythic C2's agent, Athena, as part of a possible red team engagement scenario.
3. Detecting rootkit methods: Explaining how to detect some of the methods rootkits use, for example removing kernel callbacks, file protection, and ETWTI tampering.
4. Tool demo - Finding IRP hooks: To give defenders more visibility into loaded kernel drivers, I will also show a tool that lists the loaded drivers and information about them (path, registered callbacks, imports, IRP hooks).
Video: 15. Ido Veltzman: Kernel Games: The Ballad of Offense & Defense, uploaded by x33fcon on 16 July 2024.