
So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk
2020-08-07 08:15

All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, inject and install your rootkit, and bam.

Demirkapi told the online DEF CON audience on Thursday that many common, legitimately signed Windows drivers provide the conduit rootkit writers need to reach the kernel and compromise PCs at a level most antivirus can't or won't reach.

Another way into the kernel is to write your own malicious driver, sign it with a stolen or leaked code-signing certificate or a paid-for one, and load it.

Using a signed malicious driver is a more stable route into the heart of Windows, as exploiting vulnerable drivers requires tailoring your exploit code for particular versions and conditions.
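Both routes above (a legitimately signed but buggy driver, or a malicious driver carrying a stolen, leaked or bought signature) end with a driver that Windows is happy to load. A defender's first check is therefore not "is it signed?" but "who signed it, does the signature still validate, and is this a driver already known to be abusable?". The following script is an added example written for this page; it is not code from the talk or the article. It inventories running kernel drivers, validates each one's Authenticode signature, and flags any whose SHA-256 appears in a blocklist hashtable that you must populate yourself (the `$KnownVulnerableSha256` table below is an empty placeholder, and the function names are my own).

```powershell
# Added example (not from the article or the talk): inventory running kernel
# drivers, check each file's Authenticode signature, and flag known-abusable ones.
# $KnownVulnerableSha256 is a placeholder; fill it from Microsoft's vulnerable
# driver blocklist or another curated list before relying on the result.

$KnownVulnerableSha256 = @{
    # 'lower-case sha256 of the driver file' = 'why it is listed'
}

# Win32_SystemDriver.PathName comes back in several spellings; turn it into
# a path the file cmdlets can open.
function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                       # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot             # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"   # paths relative to System32
    return $p
}

function Get-DriverSignatureReport {
    param([hashtable]$Blocklist = $KnownVulnerableSha256)

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) {
                # A running driver whose image cannot be found on disk is itself worth a look.
                [pscustomobject]@{
                    Name = $_.Name; Path = $_.PathName; Status = 'PathNotFound'
                    Signer = $null; Expires = $null; Sha256 = $null; KnownVulnerable = $false
                }
                return
            }
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
            [pscustomobject]@{
                Name            = $_.Name
                Path            = $path
                Status          = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
                Signer          = $sig.SignerCertificate.Subject
                Expires         = $sig.SignerCertificate.NotAfter
                Sha256          = $hash
                KnownVulnerable = $Blocklist.ContainsKey($hash)
            }
        }
}

# Anything unsigned, failing validation, missing on disk, or on the blocklist
# is the short list to investigate.
Get-DriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' -or $_.KnownVulnerable } |
    Sort-Object Name |
    Format-Table Name, Status, Signer, KnownVulnerable -AutoSize
```

Two caveats a practitioner should keep in mind. First, a driver signed with a stolen certificate that has not been revoked comes back as `Valid`, which is exactly the article's point; that is why the report also prints the signer subject and cross-checks file hashes against a blocklist rather than trusting the status alone. Second, many Microsoft inbox drivers are signed via a catalog rather than an embedded signature, so on older PowerShell or Windows builds a `NotSigned` result for a driver under `System32\drivers` is a prompt to check the catalog, not an alert in itself.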


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/07/def_con_demirkapi/