
Black Hat 2008: The Zen of Xen – HITBSecConf2005 Malaysia : Joanna Rutkowska – Malware Detection on Windows

November 8, 2009

Black Hat 2008: The Zen of Xen

 

http://video.google.com.vn/videoplay?docid=1546524215434730686&hl=vi#

Presentation Title: Hide-And-Seek: Defining the Roadmap for Malware Detection on Windows

Presentation Details: The presentation aims towards defining a detailed list of vital operating system parts as well as a methodology for malware detection. The list will start on such basic levels as actions needed for file system and registry integrity verification, go through user-mode memory validating (detecting additional processes, hooked DLLs, injected threads, etc…) and finally end on such advanced topics as defining vital kernel parts which can be altered by modern rootkit-based malware (with techniques like Raw IRP hooking, various DKOM based manipulations or VMM cheating).

By no means will the presented list be complete, however, the author believes that, in contrast to what many other people may think, there is only a finite number of methods which can be used by malware to compromise a system and hopefully in the future (with the help of the community) the list will “stabilize” and become more complete. Such a reference roadmap/list will help raise the level of awareness on what is still missing with regards to malware detection and will hopefully stimulate the creation of better detection tools, leaving less and less space for malware to survive.

The presentation will be supported with live demos, in which some interesting malware will be shown as well as detection tools catching it (including some new tools from the author). Some of the topics will be touched briefly (like file system verification), while some other areas, like kernel-level integrity verification, will be discussed very deeply (together with description of the latest advances in rootkit technology). At the end, the subject of implementation specific attacks against malware detectors will be briefly discussed. The presentation will focus on the Windows 2000/XP/2003 family of operating systems.
