Description: https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-erez_metula-managed_code_rootkits.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/Erez_Metula/defcon-17-erez_metula-managed_code_rootkits-wp.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/Erez_Metula/defcon-17-metula-extras.zip
This presentation introduces a new concept of application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation, and to hide malicious code inside its core. Taking the .NET Rootkits concepts a step further, while covering generic methods of malware development (rootkits,backdoors,logic manipulation, etc.) for the .NET framework and Java's JVM, by changing its behavior. It includes demos of information logging, reverse shells, backdoors, encryption keys fixation, and other nasty things.
This presentation will introduce the new version of .Net-Sploit - a generic language modification tool, used to implement the rootkit concepts. Information about .NET modification - The Whitepaper, .NET-Sploit, and source code can be found here:
http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 17 , Defcon 17 , dc-17 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.