BSidesTLV 2023

(Lady|)Lord Of The Ring0
2023-06-29, 17:10–17:55 (Europe/Oslo), Smolarz

(Lady|)Lord Of The Ring0 is a talk inspired by my blog series Lord Of The Ring0. It will cover offensive Windows kernel development, secure kernel development, the basic kernel mitigations (PatchGuard, DSE) and the various ways to load a driver.

Headline: Offensive Kernel Development
Timing: 20 minutes
In this section, I will talk about methods commonly used by rootkits: hiding and protecting your malware (hiding processes, files and registry keys), IRP hooking in general, and unregistering the ETW Threat Intelligence (ETWTI) and notify routines that AVs/EDRs rely on.

Headline: Secure Kernel Development
Timing: 10 minutes
In this section, I will talk about the difficulties of developing a kernel driver, the key points a kernel developer needs to take care of, the different ways available to load a driver, and the basics of kernel driver debugging.

Headline: Kernel Mitigations
Timing: 10 minutes
In this section, I will talk about what PatchGuard and DSE are, how they operate, what triggers them, and the known bypasses.

Headline: Q&A
Timing: 5 minutes

I am an experienced security researcher who has worked in various cybersecurity roles over the past 5 years. My main interests are OS internals, reverse engineering, kernel development and exploit development. In my free time, I work on projects in the areas of evasion, persistence and injection methods for both kernel mode and user mode and release them under my GitHub account: github.com/idov31. Based on these projects, I publish educational papers sharing my knowledge with the cyber community.