Close Encounters of the Advanced Persistent Kind - Leveraging Rootkits for Post-Exploitation
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a full-chain Windows kernel post-exploitation scenario in this 38-minute Black Hat conference talk. Discover how a Windows 0-day vulnerability can be weaponized to load a kernel rootkit, and learn about leveraging Direct Kernel Object Manipulation (DKOM) to dynamically alter OS telemetry and sensor visibility, rendering endpoint security solutions ineffective. Delve into advanced attacks, including the use of Network Driver Interface Specification (NDIS) modules to disrupt EDR cloud telemetry, establish covert persistence channels, and directly read memory-resident keyboard states in the Kernel for high-performance global keylogging. Presented by Ruben Boonen and Valentina Palmiotti, this talk offers valuable insights into advanced persistent threats and post-exploitation techniques.
Syllabus
Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube