Rootkits are backdoor programs that can be placed in a computer without detection. Virus scanners and desktop firewalls are woefully inadequate to stop a rootkit attack, which can go undetected for years. This talk will explain how rootkits are built for Microsoft Windows XP. It will cover detailed technical aspects of rootkit development, such as compilation, loading and unloading, function hooking, paged and nonpaged memory, interrupts and inline code injections. You'll also learn the technical aspects of the hardware environment, such as interrupt handling, memory paging, and virtual memory address translation. The talk will also cover how to detect rootkits, including runtime integrity checks and detecting hooks of all kinds, such as IRP hooks, SSDT hooks, and IDT hooks.
Greg Hoglund has been involved with software security for many years, specializing in Windows rootkits and vulnerability exploitation. He founded the Web site www.rootkit.com and has co-authored several books on software security (Exploiting Software: How to Break Code, Addison-Wesley, 2004; Rootkits: Subverting the Windows Kernel, Addison-Wesley, 2005). Greg is a long-time game hacker and spends much of his free time reverse engineering and tooling exploits for new games. Professionally, Greg offers in-depth training on rootkit development and software exploitation. He is currently CEO of HBGary, Inc., building a world-class product for software reverse engineering and digital forensics.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.