Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation
...Our presentation will explore a full-chain Windows kernel post-exploitation scenario, where we discovered and weaponized a Windows 0-day vulnerability to load our kernel rootkit. Once loaded, we will demonstrate how Direct Kernel Object Manipulation (DKOM) can be utilized to dynamically alter OS telemetry/sensor visibility, thereby rendering endpoint security solutions ineffective. Additionally, we will showcase a number of advanced attacks, such as employing Network Driver Interface Specification (NDIS) modules to disrupt EDR cloud telemetry or establish covert persistence channels or directly read memory-resident keyboard states in the Kernel for high-performance global keylogging....
By: Ruben Boonen , Valentina Palmiotti
Full Abstract and Presentation Materials: #close-encounters-of-the-advanced-persistent-kind-leveraging-rootkits-for-post-exploitation-32913
4 months ago 00:01:48 1
![That’s Not My Neighbor the Musical TEASER TRAILER [by Random Encounters]](https://sun9-33.userapi.com/-4b7oiNyxL48k7-2t2oI53tWOQw_BHI5173iLg/CUGtHuHbTGg.jpg)
4 months ago 00:24:18 1
4 months ago 00:00:19 1
4 months ago 00:00:18 1
4 months ago 00:36:17 1
4 months ago 00:00:31 1
4 months ago 00:35:24 1
4 months ago 00:58:05 2
4 months ago 00:02:01 1
4 months ago 01:02:09 1
4 months ago 01:00:48 1
4 months ago 00:10:10 1
4 months ago 00:01:16 1
4 months ago 00:00:14 1
4 months ago 00:50:50 1
4 months ago 00:03:17 1
4 months ago 00:12:27 1
4 months ago 00:09:53 1
4 months ago 02:07:48 1
4 months ago 00:01:14 3
4 months ago 00:00:11 2
4 months ago 11:54:59 1
4 months ago 00:04:04 1
4 months ago 00:11:56 1
