Function Rerouting from Kernel Land "Hades"

Presented at Black Hat USA 2011, Aug. 3, 2011, 3:40 p.m. (25 minutes)

Hades is a function rerouting tool that subverts Windows application functions from kernel space. Its advantage is Detours- or WinAPIOverride-style function rerouting without the weight. When I saw that some malware was able to detect Detours and WinAPIOverride, I reversed the malware and determined that it was detecting whether any unauthorized DLLs were being loaded. Detours and WinAPIOverride depend on that DLL loading to work effectively. So I created a system profiler that does not use DLL injection…
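The check the abstract attributes to the malware (spotting an unauthorized DLL in the process) is easy to reproduce from the analyst side. The script below is an added example, not code from the Hades talk or from the malware it describes: it lists the modules loaded into a running process and flags any that are missing from an expected-module baseline or loaded from a directory other than the Windows directory or the executable's own directory. The baseline names, the function name Get-UnexpectedModule and the path heuristic are assumptions for illustration; a real baseline should be captured from a clean run of the same binary.

```powershell
# Added example: flag DLLs in a process that a hooking framework such as Detours or
# WinAPIOverride would have had to inject. A kernel-side rerouting tool leaves no such
# module behind, which is why this class of check does not see it.

function Get-UnexpectedModule {
    param(
        [Parameter(Mandatory = $true)][int]$ProcessId,
        # Assumed baseline: modules a plain Win32 process normally carries.
        [string[]]$Baseline = @(
            'ntdll.dll', 'kernel32.dll', 'kernelbase.dll', 'user32.dll', 'gdi32.dll',
            'win32u.dll', 'gdi32full.dll', 'msvcp_win.dll', 'ucrtbase.dll',
            'advapi32.dll', 'msvcrt.dll', 'sechost.dll', 'rpcrt4.dll', 'imm32.dll'
        )
    )

    # .Modules only enumerates targets of the same bitness as this PowerShell host;
    # a 32-bit target from 64-bit PowerShell throws, so stop loudly rather than miss it.
    $proc     = Get-Process -Id $ProcessId -ErrorAction Stop
    $exeDir   = Split-Path -Parent $proc.MainModule.FileName
    $sysRoot  = $env:SystemRoot
    $expected = $Baseline | ForEach-Object { $_.ToLowerInvariant() }

    foreach ($m in $proc.Modules) {
        $name = $m.ModuleName.ToLowerInvariant()
        $dir  = Split-Path -Parent $m.FileName
        $why  = @()

        # Heuristic 1: module name is not on the expected list (e.g. detoured.dll).
        if ($expected -notcontains $name) { $why += 'not in baseline' }

        # Heuristic 2: loaded from somewhere other than %SystemRoot% or beside the EXE.
        $fromSystem = $dir.StartsWith($sysRoot, [System.StringComparison]::OrdinalIgnoreCase)
        $fromExeDir = $dir.StartsWith($exeDir,  [System.StringComparison]::OrdinalIgnoreCase)
        if (-not ($fromSystem -or $fromExeDir)) { $why += "loaded from $dir" }

        if ($why.Count -gt 0) {
            [pscustomobject]@{
                ProcessId = $ProcessId
                Module    = $name
                Path      = $m.FileName
                Reason    = ($why -join '; ')
            }
        }
    }
}

# Usage: inspect the current PowerShell host (expect noise here, since it loads the CLR).
Get-UnexpectedModule -ProcessId $PID | Format-Table -AutoSize
```

The two heuristics are deliberately independent: a name on the baseline but loaded from a temp directory is still reported, and an unknown name loaded from System32 is reported too, so the baseline can be kept short. Note that this only sees user-mode modules in the target process; a function rerouted from the kernel, as the abstract describes, changes nothing in that list, so a tool relying on this check alone has no signal.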
