Malware, and especially root-kits, monitor your every action. The same techniques can be used to monitor malware itself or to make sure nothing nasty is going on inside your regular applications. In this talk, we will present state-of-the-art monitoring techniques found in malware and discuss the advantages and disadvantages of the different possibilities. Furthermore, we are going to demo and present our user-level framework for writing your own root-kits in Python. This allows you to observe the malicious actions going on in your PDF reader while it is being exploited, to monitor the unencrypted data of HTTPS sessions inside your browser, or to have a look at the actions of malware.
Felix Leder is a senior researcher at the Fraunhofer FKIE and a PhD student at the University of Bonn. After working for Nokia, he turned to his favourite field of research: IT security. His current research interests are botnet mitigation tactics and new methodologies for executable and malware analysis. A lot of his spare time is spent on involvement in the Honeynet Project.