Title: Windows Rootkit Related Links
Maintainer: 小四 <[email protected]>
Link: http://www.opencjk.org/~scz/200402170928.txt
Created: 2004-02-17 09:28
Updated: 2004-08-03 09:52
--
If you have recommendations, please e-mail them to <[email protected]>. Your suggestions are welcome, thank you.
--
[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]
http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf
[ 2] TOCTOU with NT System Service Hooking
http://www.securityfocus.com/archive/1/348570
TOCTOU with NT System Service Hooking Bug Demo
http://www.securesize.com/Resources/hookdemo.shtml
[ 3] Hooking Windows NT System Services
http://www.windowsitlibrary.com/content/356/06/1.html
http://www.windowsitlibrary.com/content/356/06/2.html
[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <[email protected]>
http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt
[ 5] Kernel-mode backdoors for Windows NT - firew0rker <[email protected]>
http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt
[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]
http://www.security.org.sg/code/kproccheck.html
http://www.security.org.sg/code/KProcCheck-0.1.zip
[ 7] port/connection hiding - akcom[2004-06-18]
http://www.rootkit.com/newsread_print.php?newsid=143
[ 8] Process Invincibility - metro_mystery[2004-06-13]
http://www.rootkit.com/newsread_print.php?newsid=139
[ 9] KCode Patching - hoglund[2004-06-06]
http://www.rootkit.com/newsread_print.php?newsid=152
http://www.rootkit.com/vault/hoglund/migbot.zip
[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]
http://www.rootkit.com/newsread_print.php?newsid=137
[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]
http://www.rootkit.com/newsread_print.php?newsid=151
[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]
http://www.rootkit.com/newsread_print.php?newsid=135
[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]
http://www.rootkit.com/newsread_print.php?newsid=134
http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip
[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]
http://www.rootkit.com/newsread_print.php?newsid=153
[15] Byepass Scheduler List Process Detection - SoBeIt <[email protected]>[2004-04-25]
http://www.rootkit.com/newsread_print.php?newsid=117
[16] Detecting Hidden Processes by Hooking the SwapContext Function - worthy[2004-08-03]
http://www.rootkit.com/newsread_print.php?newsid=170