Revealing Stealth Malware



Such will be the theme of this class. Stealth malware relies on a fairly fixed set of tricks to hide itself on endpoints. Once you know the tricks, you can interpret the results of specialized tools that try to point out system inconsistencies. This class will focus on Windows XP, because the detection tools are more robust there. But at the end of the class we will show how simple attacker techniques can degrade the security of Windows 7 to that of Windows XP and allow all the same detection techniques to continue to work.

Prerequisites: Must have C programming and assembly experience, as the two main homework assignments will require writing a proof-of-concept rootkit based around some technique.

