Session:Experience in dissecting malware
From 34C3_Wiki
| Description | Sharing some results from dissecting and re-implementing a rootkit. The aim was and is to understand the decisions of the original authors. The work is based on a re-implementation of a well-known implant. Previous experience in reversing malware is strongly recommended. Bring a Win7x64 system and IDA Pro. |
|---|---|
| Website(s) | |
| Type | Workshop |
| Kids session | No |
| Keyword(s) | security |
| Tags | Reverse Engineering, Malware, Security |
| Processing assembly | Assembly:European CERTs and CSIRTs |
| Person organizing | |
| Language | de - German |
| Other sessions... | |

| Subtitle | This driver is not one of ours. |
|---|---|
| Starts at | 2017/12/29 22:00 |
| Ends at | 2017/12/29 23:30 |
| Duration | 90 minutes |
| Location | Room:Seminar room 13 |
Based on a re-implementation of a well-known rootkit used by bad guys, we try to deduce some of the decisions the authors made when implementing it. Experience with IDA Pro is required. A working Win7x64 vulnbox is required.