HAKIN9 EXTRA – ROOTKIT 06/2011

Rootkits Hidden in Hardware of PC by Anibal Sacco
Let’s think like an attacker for a second. There are multiple applications dedicated to find malicious code both in user and in kernel space. So new places have to be found to deploy your code while keeping it stealthy.

TDSS aka TDL – Chronology by Eugene Melnichenko
An attempt could have been made to reconcile the inconsistencies shown above; however, the rootkit uses several kernel threads to check if rootkit hooks are present and to restore them if required.

How to Write a Good Rootkit: a Different Approach by Valerio Lupi
You can hide your startup registry key (depending on how do you autostart your DLL which needs to be reinjected in EXPLORER.EXE at login time) by not creating the registry key at all, and doing that at shutdown only (catching the WM_QUERYENDSESSION/WM_ENDSESSION message in your rootkit....

April 19, 2022
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023