Let's look at some source code to see exactly how this cryptor works. We'll start by observing the alterations that will need to be made to prepare the target application for encryption. Specifically, the first thing that needs to be ...
The execution cycle begins with the decryptor using some key (i.e., k1) to decrypt the body of the polymorphic code. Once decrypted, the code recasts the entire executable where the code body is encrypted with a new encryption key (i.e. ...
In a Black Hat DC 2006 presentation,[21] Irby Thompson and Mathew Monroe described a framework for concealing data that's based on three different concealment strategies:
□ Out-of-band concealment.
□ In-band concealment.
Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available.
... rootkits. Spyware, for example, will often conceal itself while collecting data from the user's machine. Botnets implement remote control functionality. Where does one draw the line between rootkits and various forms of malware? The ...