[SANS Webcast] Power! Unlimited Power! Understanding the Techniques of Malicious Kernel-Mode Code

 

The kernel-mode of Windows is a pathway to many abilities some consider to be unnatural.

For many malware developers, implementing kernel-mode code is too challenging. The required low-level development is not just time-consuming, but also error-prone and each error can lead to a full system crash, causing the attack to fail.

But threat actors who overcome these challenges get access to power which no user-mode application can wield.

Diving into kernel-mode allows attackers to exploit drivers and the system to escalate privileges, implement effective payloads, and hide malware from security products and incident responders.

In this webcast, attendees will learn:

Attackers goals and techniques for implementing kernel-mode code
The techniques used to execute that code and bypass existing OS security controls
Tips for analyzing kernel-mode code with the goal of building better defenses