[ :: mainpage :: register :: conference :: training :: venue map :: agenda :: press/media ]
[ :: capture the flag (CTF) :: zone-h hacking challenge :: open-hack :: forum :: sponsors ]
[ :: contact :: past conferences :: open source security project showcase ]

Conference presentation materials have been released.
You can download them from Packet Storm

Joanna Rutkowska

Filed under: Conference Speakers — Administrator @ 8:20 pm

April 21, 2005

Presentation Title: Hide-And-Seek: Defining the Roadmap for Malware Detection on Windows
Presentation Details:

The presentation aims towards defining a detailed list of vital operating system parts as well as a methodology for malware detection. The list will start on such basic levels as actions needed for file system and registry integrity verification, go through user-mode memory validating (detecting additional processes, hooked DLLs, injected threads, etc…) and finally end on such advanced topics as defining vital kernel parts which can be altered by modern rootkit-based malware (with techniques like Raw IRP hooking, various DKOM based manipulations or VMM cheating)

By no means will the presented list be complete, however, the author believes that, in contrast to what many other people may think, there is only a finite number of methods which can be used by malware to compromise a system and hopefully in the future (with the help of the community) the list will “stabilize” and become more complete. Such a reference roadmap/list, will help raise the level of awareness on what is still missing with regards to malware detection and will hopefully stimulate the creation of better detection tools, leaving less and less space for malware to survive.

The presentation will be supported with live demos, in which some interesting malware will be shown as well as detection tools catching it (including some new tools from the author). Some of the topics will be touched briefly (like file system verification), while some other areas, like kernel-level integrity verification will be discussed very deeply (together with description of the latest advances in rootkit technology). At the end, the subject of implementation specific attacks against malware detectors will be briefly discussed.The presentation will focus on the Windows 2000/XP/2003 family of operating systems.

About Joanna:

Joanna Rutkowska is an independent security researcher. Her main interest is in stealth technology, that is, in the methods used by attackers to hide their malicious actions after a successful break-in. This includes various types of rootkits, network backdoors and covert channels. She is interested in both detecting this kind of activity and in developing and testing new offensive techniques.

She develops assessment and detection tools mainly for pen-testing companies. She has previously presented at the 21st Chaos Communication Congress, IT Underground 2004 and HiverCon2003. She lives in Warsaw, Poland.

Comments are closed.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Main Sponsor

Microsoft Corporation

Official Airline Partner

Malaysia Airlines

Open-Hack Sponsor

VIA Technologies Inc.

CTF Sponsor

Scan Associates

CTF Prize Sponsor


Media Partners:

The Virus Bulletin Conference takes place at The Burlington, Dublin, Ireland, 5 to 7 October 2005. Register here.

Phrack Magazine

Our Speakers Are Supported By:

Bellua Asia Pacific

F-Secure Corporation

Supporting Organizations


Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore