Session:Experience in dissecting malware
|Sharing some results from dissecting and re-implementing a rootkit. The aim was and is to understand the decisions of the original authors. Work is based on a re-implementation of a well-known implant. Previous experience in reversing malware is strongly recommended. Bring a Win7x64 system and IDA Pro.
|Reverse Engineering, Malware, Security
|Assembly:European CERTs and CSIRTs
|de - German
|This driver is not one of ours.
|Room:Seminar room 13
Based on a re-implementation of a well-known rootkit used by bad guys, we try to deduce some of the decisions the authors made when implementing it. Experience with IDA Pro is required. A working Win7x64 vulnbox is required.