DKOM (Direct Kernel Object Manipulation), presented at Black Hat Europe 2004

by Jamie Butler

Tags: Security Rootkits Access

Summary: This talk addresses weaknesses in how today's operating systems implement their kernel objects. Because the kernel does not enforce exclusive access to the objects it uses to track privileges, report running processes and perform auditing, a rootkit or other subversive program that already runs in kernel mode can modify those objects, in many cases without detection. Obscurity is no longer enough. Corporations and some private consumers have tried to protect themselves by buying third-party products, but these products are not enough to stop an attacker using the DKOM method. DKOM writes to the objects in memory directly, without calling the kernel functions that are supposed to guard them, and so bypasses both the kernel's own protection mechanisms and third-party tools such as host intrusion prevention systems (HIPS), which hook those functions rather than watch the memory behind them.
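As an added illustration, not code from the talk or from the author, the following user-mode C model shows the technique the summary describes: a process record is removed from the kernel's doubly linked process list by rewriting the neighbouring pointers directly, so an enumeration that walks the list no longer reports it, while the object itself is untouched and still reachable through a second structure. The list layout mirrors the shape of Windows' EPROCESS ActiveProcessLinks and the second view stands in for an ID table; those names, the struct layouts and the sample processes are assumptions made for the example, not details from the page. The cross-view check at the end is the kind of test a defender would run against DKOM: compare two independent enumerations and flag whatever one of them misses.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Circular doubly linked list entry, the shape of the kernel's LIST_ENTRY
 * (assumed here for the model). */
typedef struct list_entry {
    struct list_entry *flink;
    struct list_entry *blink;
} list_entry_t;

/* Model of a process object: the list entry is embedded in the object,
 * as ActiveProcessLinks is embedded in EPROCESS (assumed layout). */
typedef struct process {
    unsigned pid;
    char name[16];
    list_entry_t links;
} process_t;

#define MAX_PROCS 8
#define CONTAINING_RECORD(ptr, type, field) \
    ((type *)((char *)(ptr) - offsetof(type, field)))

/* Two views of the same objects: the linked list the enumeration API walks,
 * and an ID table that references objects directly (stand-in for a structure
 * the scheduler or handle code uses, constructed for the example). */
static list_entry_t active_head;
static process_t *pid_table[MAX_PROCS];

void init_process_list(void) {
    active_head.flink = active_head.blink = &active_head;
    memset(pid_table, 0, sizeof pid_table);
}

/* Normal creation path: the object is linked at the list tail and registered
 * in the ID table, i.e. both views agree. */
process_t *create_process(unsigned pid, const char *name) {
    int slot;
    for (slot = 0; slot < MAX_PROCS && pid_table[slot]; slot++)
        ;
    if (slot == MAX_PROCS)
        return NULL;
    process_t *p = calloc(1, sizeof *p);
    if (!p)
        return NULL;
    p->pid = pid;
    strncpy(p->name, name, sizeof p->name - 1);
    p->links.flink = &active_head;
    p->links.blink = active_head.blink;
    active_head.blink->flink = &p->links;
    active_head.blink = &p->links;
    pid_table[slot] = p;
    return p;
}

process_t *find_process(unsigned pid) {
    for (int i = 0; i < MAX_PROCS; i++)
        if (pid_table[i] && pid_table[i]->pid == pid)
            return pid_table[i];
    return NULL;
}

/* What a process-listing API does: walk the list. Returns the count. */
int enumerate_by_list(unsigned *out, int max) {
    int n = 0;
    for (list_entry_t *e = active_head.flink; e != &active_head && n < max; e = e->flink)
        out[n++] = CONTAINING_RECORD(e, process_t, links)->pid;
    return n;
}

/* DKOM: unlink the object by writing the neighbours' pointers directly.
 * No kernel API is called, so nothing that hooks those APIs sees it, and
 * the object itself is left intact so code that reaches it by other means
 * keeps working. The orphaned entry is pointed at itself so a later walk
 * or unlink starting from this object cannot corrupt its old neighbours. */
void dkom_unlink(process_t *p) {
    list_entry_t *e = &p->links;
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
    e->flink = e->blink = e;
}

/* Cross-view detection: every object the ID table knows about that the
 * list walk does not report. Returns the number of hidden PIDs found. */
int detect_hidden(unsigned *hidden, int max) {
    unsigned seen[MAX_PROCS];
    int nseen = enumerate_by_list(seen, MAX_PROCS), found = 0;
    for (int i = 0; i < MAX_PROCS && found < max; i++) {
        if (!pid_table[i])
            continue;
        int visible = 0;
        for (int j = 0; j < nseen; j++)
            if (seen[j] == pid_table[i]->pid)
                visible = 1;
        if (!visible)
            hidden[found++] = pid_table[i]->pid;
    }
    return found;
}

int main(void) {
    unsigned ids[MAX_PROCS], hidden[MAX_PROCS];
    init_process_list();
    create_process(4, "System");       /* sample processes, constructed */
    create_process(100, "lsass");
    create_process(200, "backdoor");
    printf("visible before: %d\n", enumerate_by_list(ids, MAX_PROCS));
    dkom_unlink(find_process(200));
    printf("visible after : %d\n", enumerate_by_list(ids, MAX_PROCS));
    int n = detect_hidden(hidden, MAX_PROCS);
    for (int i = 0; i < n; i++)
        printf("cross-view: pid %u is in the ID table but not in the list\n", hidden[i]);
    return 0;
}
```

The point of the second view is that DKOM does not delete anything: the hidden object is still owned, scheduled and referenced elsewhere, and any structure that reaches it without walking the patched list will disagree with the list walk. A HIPS that only hooks the enumeration API sees a perfectly consistent call sequence and nothing to block.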