In this talk, the author presents various ways to subvert the Windows CE kernel to hide certain objects from the user. The architecture and inner mechanisms of the Windows CE kernel are discussed first, with a focus on memory management, process management, syscall handling, and security. Next, the author explains the methods he used for hiding processes, files, and registry keys: hooking handle-based and non-handle-based syscalls, direct kernel object manipulation, and injecting filtering code into various server processes. He also covers the steps taken to stay loaded even after a cold reboot. A fully functional prototype rootkit is presented.