Windows rootkits of 2005, part one

by James Butler, Sherri Sparks
Sept. 25, 2017 | Symantec, Rootkits

The first of this three-part series will discuss what a rootkit is and what makes it so dangerous. We'll start by looking at various modes of execution and the ways rootkits talk to the kernel: hooking tables, using layered filter drivers, and dealing directly with Windows kernel objects. The second article will address the latest Windows rootkit approach, which uses virtual memory hooking to provide a high degree of stealth. The third and final article will discuss various methods of rootkit detection and countermeasures for security professionals.

2flash 7 months, 3 weeks ago

This looks like a well-researched work, not a presentation but even a thesis....