Reversing Training Session Part 12 – Rootkit Analysis

Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) where Monnappa has delivered one of the best session of our entire series on ‘Rootkit Analysis’. This is part of our ongoing FREE ‘Reversing & Malware Analysis Training’ started since our Jan 2012.



Monnappa delivered splendid session today. In this session, he talked about Rootkit Analysis with awesome four demos. He talked about various techniques used by rootkits like SSDT, DKOM, IRP etc. hooking with practical examples of popular malwares like carberp, prolaco etc.. He discussed the topics of DKOM, IRP which are difficult by their name itself and describing them is a real tough task when audience are of different expertise but he managed very nicely.


This presentation is already on our Security Presentations page. Demo Videos are available on Security Training Videos page.

On behalf of the community, we extend special thanks to ‘Monnappa’ for delivering this awesome session.

This session was the last session of this course series. In our next session ‘Future Roadmap’ , we will discuss about our new training series and projects that we are going to cover in our future local meets.


So stay tuned to our next meet for all crazy and big announcements.

Similar posts
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]
  • Advanced Malware Analysis Training Se...   Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting The [...]
  • Detailed Overview and Internals of PE... A win32 portable executable(PE) file consists of: DOS Header, PE Header, Section Table, Sections. Analyzing a PE file gives us a lot of information like the address in memory where the file will be located (ImageBase), address of entry point, imported and exported functions, packed or unpacked etc. Thus this static analysis can indicate whether [...]
  • SEH Exploitation to Get Shell Access   Structured Exception Handling is a mechanism for handling both hardware and software exceptions in Windows OS. Structured exception handling enables us to have complete control over the handling of exceptions and it also provides support for debuggers as well. SEH exploitation is based on stack buffer overflow technique. It becomes easy to exploit a [...]

Leave a Reply

Our Company

Follow us on Facebook


Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list