- Title: Subverting Windows Embedded CE 6 Kernel
- Speakers: Petr Matousek
- Language: English
- Keywords: operating system security, rootkits, windows embedded
CANCELLED (Petr cannot come to Paris)
In this talk, the author presents various ways to subvert the Windows Embedded CE 6 kernel in order to hide certain objects from the user. The architecture and inner mechanisms of the Windows Embedded CE 6 kernel, and a comparison with the Windows CE 5 kernel, are discussed first, with a focus on memory management, process management, syscall handling, and security. Next, the author explains the methods he used for hiding processes, files, and registry keys: mainly direct kernel object manipulation and hooking of handle-based and non-handle-based syscalls, not only via apiset modifications but also using previously undocumented ways. The author also discusses ways to detect rootkits installed on the device. Fully functional prototype rootkits, detection programs, and various monitoring utilities are presented and examined.