Demystifying Modern Windows Rootkits
This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode.

By Bill Demirkapi

Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefi...