[SANS Webcast] Power! Unlimited Power!
Understanding the Techniques of Malicious Kernel-Mode Code

The kernel-mode of Windows is a pathway to many abilities some consider to be unnatural.

For many malware developers, implementing kernel-mode code is too challenging. The required low-level development is not just time-consuming, but also error-prone and each error can lead to a full system crash, causing the attack to fail.

But threat actors who overcome these challenges get access to power which no user-mode application can wield.

Diving into kernel-mode allows attackers to exploit drivers and the system to escalate privileges, implement effective payloads, and hide malware from security products and incident responders.

In this webcast, attendees will learn:

  •    Attackers goals and techniques for implementing kernel-mode code
  •    The techniques used to execute that code and bypass existing OS security controls
  •    Tips for analyzing kernel-mode code with the goal of building better defenses