Close Encounters of the Advanced Persistent Kind - Leveraging Rootkits for Post-Exploitation
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a full-chain Windows kernel post-exploitation scenario in this 38-minute Black Hat conference talk. Discover how a Windows 0-day vulnerability can be weaponized to load a kernel rootkit, and learn about leveraging Direct Kernel Object Manipulation (DKOM) to dynamically alter OS telemetry and sensor visibility, rendering endpoint security solutions ineffective. Delve into advanced attacks, including the use of Network Driver Interface Specification (NDIS) modules to disrupt EDR cloud telemetry, establish covert persistence channels, and directly read memory-resident keyboard states in the Kernel for high-performance global keylogging. Presented by Ruben Boonen and Valentina Palmiotti, this talk offers valuable insights into advanced persistent threats and post-exploitation techniques.
Syllabus
Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network