Hello workshop - Hello Rootkit!

We will create a simple user-mode rootkit on Windows 2012 R2, then check how these types of rootkits can be detected.

As a first step, we review the different hooking approaches and implement one of them. During the development, participants will learn how to access the memory of one process from another.

In the second step, we will write the filtering shellcode in assembly, which will be inserted into the function with the help of our hooking application.
Finally, we will test whether the most widespread detection tools are able to detect our rootkit.

We recommend attendance to everyone who is interested in malware or rootkit detection, or who likes programming or debugging.

