Creating stealthy rootkits that help red teams remain persistent, evade EDRs, and connect to an existing C2 environment. The same material will help blue teams detect the threats described above. Explanations will be accompanied by code examples and demos.
Presentation Outline
1. Rootkit methodologies: Demonstrate several interesting capabilities of rootkits, such as hiding an injected DLL, dumping credentials from the kernel, and removing the kernel callbacks of AVs/EDRs.
2. Real-world scenario - Integration with Mythic C2: Showcasing real-world usage with Mythic C2's agent, Athena, as part of a possible red team engagement scenario.
3. Detecting rootkit methods: Explaining how to detect some of the methods rootkits use, for example, removing kernel callbacks, file protection, and ETWTI tampering.
4. Tool demo - Finding IRP hooks: To give defenders more visibility into loaded kernel drivers, I will also show a tool that lists the loaded drivers and information about them (path, registered callbacks, imports, IRP hooks).
Video: 15. Ido Veltzman: Kernel Games: The Ballad of Offense & Defense, uploaded by x33fcon on 16 July 2024.