Windows rootkits of 2005, part one

by James Butler, Sherri Sparks Sept. 1, 2017 via Symantec

The first of this three-part series will discuss what a rootkit is and what makes rootkits so dangerous. We'll start by looking at the various modes of execution and the ways rootkits interact with the kernel: hooking tables, using layered filter drivers, and manipulating Windows kernel objects directly. The second article will address the latest Windows rootkit approach, which uses virtual memory hooking to provide a high degree of stealth. The third and final article will discuss various methods of rootkit detection and countermeasures for security professionals.

2flash 3 weeks ago

This looks well-researched, not a presentation but a thesis....