Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

In this article, IBM Security X-Force Red offensive hackers examine how attackers with access to elevated privileges can utilise such access to set up Windows Kernel post-exploitation capabilities. Public accounts have progressively demonstrated over the past few years that less experienced attackers are employing this method to accomplish their goals.

Thus, it’s critical that we draw attention to this skill and discover more about its potential implications. In particular, we will examine how kernel post-exploitation can be utilised to disable ETW sensors in this post and connect it to malware samples found in the wild the previous year.

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

21-Feb-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address