Power! Unlimited Power! Understanding the Techniques of Malicious Kernel-Mode Code

  • Wednesday, 23 Sep 2020 10:30AM EST (23 Sep 2020 14:30 UTC)
  • Speakers: Jacob Williams, Tamas Boczan

The kernel-mode of Windows is a pathway to many abilities some consider to be ' unnatural.

For many malware developers, implementing kernel-mode code is too challenging. The required low-level development is not just time-consuming, but also error-prone ' and each error can lead to a full system crash, causing the attack to fail.

But threat actors who overcome these challenges get access to power which no user-mode application can wield.

Diving into kernel-mode allows attackers to exploit drivers and the system to escalate privileges, implement effective payloads, and hide malware from security products and incident responders.

In this webcast, attendees will learn:

  • - Attackers goals and techniques for implementing kernel-mode code
  • - The techniques used to execute that code and bypass existing OS security controls
  • - Tips for analyzing kernel-mode code with the goal of building better defenses


VMRay Logo - Dark Blue