Pär Österberg Medina: Detecting Rootkits in Memory Dumps


An excellent presentation by Pär Österberg Medina on dumping memory and analyzing the resulting memory dump to detect rootkits, found via the Twitter feed of Binni Shah:


Covered topics

  • What is a rootkit?
  • Dumping the memory
  • How to analyze a memory dump?
  • Different rootkit techniques and how we detect them

The presentation

https://www.terena.org/activities/tf-csirt/meeting27/oesterberg-rootkits.pdf
