Leading up to Black Hat USA, hear from Black Hat Review Board Members, Speakers, Trainers and Partners about their contributions to information security and the upcoming Black Hat event.
Today we interview Bill Demirkapi about upcoming Black Hat USA 2020 Briefing "Demystifying Modern Windows Rootkits." Read more below:
Hi Bill, I read in your bio that you are a student at Rochester Institute of Technology – that's awesome! What are you currently studying? What are some of your favorite courses?
I am studying Computing Security at the Rochester Institute of Technology. Being completely honest, I don't have any favorite courses right now. Most of the interesting classes don't come until my third year. The best part of my college education has been the free-time that has come with it.
How did the pandemic impact your first year at University? Did you end up taking a lot of distance learning courses, do you have any more free time or less?
The pandemic impacted me in different ways depending on the topic. For example, from a grades perspective the pandemic ended up helping me. Courses were understandably significantly more loose in their requirements and in general "easier". From an educational perspective, many courses had to cut their content not only in volume but switch to a new method of delivery. My networking course had a major "hands on" component to it which the pandemic changed. Now, I was doing labs that would be done on real hardware in writing only, decreasing the amount of learning you actually got. From a time perspective, I got much more time to do what I wanted to. There was no travel time or required in person time, so I was able to mold my coursework to my schedule. It ended up being significantly less time drain than if I was on campus.
I see you've presented at a few Security Conferences before. Is this your first time speaking at Black Hat? Have you attended before? What inspired you to submit?
This is my first-time speaking at Black Hat and I have not attended Black Hat before primarily due to the cost of travel. Black Hat has always been a conference I've looked up to primarily because of its extremely high standard for strong technical content. As I was wrapping up my research into writing a Windows rootkit, I noticed overall in the industry I don't often see Windows kernel related content. Upon a deeper inspection, I found that Black Hat itself had very little content relating to malware in the Windows kernel realm. The closest event I found was a training from back in 2018 titled "Windows Kernel Rootkit Techniques" which explored several important topics when it comes to writing a rootkit, but this was only a training. There had really been no talks to the general audience about writing a rootkit, so I thought my research into rootkits would be useful to red teamers who haven't looked into kernel malware before.
You are going to walkthrough how to write a rootkit from scratch and all of the drawbacks in your Briefings presentation — Without giving too much away, can you share a few key takeaways or highlights of your presentation that people can get excited for?
There is going to be a ton of great content in the presentation, but there are a few parts the audience can get excited for. First off, for any audience member who hasn't used kernel-level malware in the past, I'll explain several methods of loading a rootkit, arguably one of the more difficult steps in making one. Furthermore, I'll be walking the audience through the creation and design decisions of the "Spectre Rootkit", which abuses legitimate network communication to communicate with its C2. Along with the presentation of the talk, I will be open sourcing this rootkit to the public as a learning resource.
I read a VICE article about the vulnerability you discovered in your High Schools record keeping software and Blackboards software suite. What was your motivation? Did you have a hint that there could be an exploit, or do you just naturally tend to tinker with things?
Back in high school, I was interested in learning security and I thought the best way to start would be to incentivize learning it. What's more incentivizing than attempting to hack your school's grading system? I didn't have any hint that there was a vulnerability, but I persisted anyway until I found something big. To be clear, the goal wasn't the ability to tamper with the grading system (i.e to change my own grades), but the idea of finding a vulnerability in a grading system was enticing enough to push my efforts of teaching myself security.
I also saw your Hacking College Admissions blog, where were you when I needed to get in to Law School? Did you ever receive a response to your notifications? I know you said the issues were patched, but am still surprised there was no follow up.
After that article, I reached out to the IT teams for some of the impacted schools and had positive responses. I never had direct contact with TargetX and never heard from WPI again.
Bill Demirkapi is a student at the Rochester Institute of Technology with an intense passion for Windows Internals. Bill's interests include game hacking, reverse engineering malware, and exploit development. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto "break anything and everything."