
In the vast ocean of cyber threats, bootkits and rootkits are the stealth enemy lurking beneath the surface, silently infiltrating systems and evading detection. These advanced malware types embed themselves deep within the foundations of compromised systems, making detection and removal as challenging as locating a submerged enemy submarine. In this talk, we will dive into the depths of bootkits and rootkits, exploring their inner workings and the techniques they employ to maintain a firm grip on their targets. We will begin with an overview of the key differences between bootkits and rootkits, highlighting how they navigate the abyssal zone of system boot processes and kernel exploitation. We will examine the tactics used by these malware types to stay hidden from security controls. To provide a comprehensive understanding of bootkit and rootkit detection and removal, we will explore the Living Off The Land Drivers project and how it can be used, akin to advanced sonar systems and countermeasures, for identifying and neutralizing these elusive threats. Finally, we will discuss the implications of bootkits and rootkits for the future of cybersecurity. As we reflect on the ongoing battle between attackers and defenders, we will identify emerging trends and emphasize the need for a proactive, vigilant approach to ensure the security of both personal and enterprise-level systems. Join us as we embark on a deep-sea journey into the mysterious world of bootkits and rootkits, equipping you with the knowledge and skills necessary to defend against these stealthy adversaries lurking beneath the surface of our digital ocean.
SANS DFIR Summit 2023
Speakers:
Michael Haag, Senior Threat Researcher, Splunk