Session:Experience in dissecting malware

From 34C3_Wiki
Revision as of 16:21, 29 December 2017 by Wolpertwo (talk | contribs) (A device driver used for BAD things. We look at it.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Description Sharing some results from dissecting and re-implementing a rootkit. Aim was and is to understand the decisions of the orginal authors. Work is based on a re-implementation of a well-known implant. Previous Experience in Reversing Malware strongly recommended. Bring a Win7x64 system and IDA Pro.
Website(s)
Type Workshop
Kids session No
Keyword(s) security
Tags Reverse Engineering, Malware, Security
Processing assembly Assembly:European CERTs and CSIRTs
Person organizing
Language de - German
de - German
Other sessions...

refresh

Subtitle This driver is not one of ours.
Starts at 2017/12/29 22:00
Ends at 2017/12/29 23:30
Duration 90 minutes
Location Room:Seminar room 13

Based on a re-implementation of a well-known rootkit used by bad guys, we try to deduct some of the decisions the authors made when implementing it. Experience with IDA Pro is required. A working Win7x64 vulnbox is required.