Hila Cohen
T.Roy, CodeMachine
Windows Kernel Rootkit Techniques
Sarah Tyra
July 31 - August 3 - 32 Credit Hours
"To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This advanced course provides a comprehensive end-to-end view of the modus operandi of rootkits by taking an in-depth look at the behind-the-scenes workings of the Windows kernel and how these mechanisms are exploited by malware, through hands-on labs and real-world case studies. Kernel security enhancements that have been progressively added to Windows are discussed along with some circumvention techniques. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This course has been updated for Windows 10 20H2.
The training comprises theory, instructor-led demos, code walkthroughs, and, most importantly, hands-on labs where students use Visual Studio 2019 and the Windows Driver Kit (WDK) to implement rootkit functionality, and use WinDBG and Volatility to detect, identify, and analyze rootkit samples on Windows 10 20H2 64-bit."
Skills / Knowledge
- Malware
- Forensics
Issued on
August 3, 2021
Expires on
Does not expire