[SANS Webcast] Power! Unlimited Power!
Understanding the Techniques of Malicious Kernel-Mode Code
The kernel-mode of Windows is a pathway to many abilities some consider to be unnatural.
For many malware developers, implementing kernel-mode code is too challenging. The required low-level development is not just time-consuming, but also error-prone and each error can lead to a full system crash, causing the attack to fail.
But threat actors who overcome these challenges get access to power which no user-mode application can wield.
Diving into kernel-mode allows attackers to exploit drivers and the system to escalate privileges, implement effective payloads, and hide malware from security products and incident responders.
In this webcast, attendees will learn:
- Attackers goals and techniques for implementing kernel-mode code
- The techniques used to execute that code and bypass existing OS security controls
- Tips for analyzing kernel-mode code with the goal of building better defenses