BSidesCharm 2023 - Detecting and Triaging Modern Windows Rootkits - Andrew Case
HTML-код
- Опубликовано: 7 фев 2025
- Since Windows 10, Microsoft has added many new security features aimed at disrupting kernel level malware. To stay viable, rootkit developers have evolved how they load into the kernel, gain system control, and monitor activity. This talk walks through such techniques observed in the wild and how they are detectable through a combination of memory forensics and event log analysis.
Andrew Case is the Director of Research at Volexity, and has significant experience in incident response handling and malware analysis. He has conducted numerous large-scale investigations that span enterprises and industries. Case is a core developer of the Volatility memory analysis framework, and a co-author of the highly popular and technical forensics analysis book “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.”
