Windows Rootkit相關鏈接[轉]

標題: Windows Rootkit相關鏈接

維護: 小四 <[email protected]>
鏈接: http://www.opencjk.org/~scz/200402170928.txt
創建: 2004-02-17 09:28
更新: 2004-08-03 09:52

--
    如有推薦，請發信至<[email protected]>多多指教，謝謝。
--

[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]
     http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf

[ 2] TOCTOU with NT System Service Hooking
     http://www.securityfocus.com/archive/1/348570

     TOCTOU with NT System Service Hooking Bug Demo
     http://www.securesize.com/Resources/hookdemo.shtml

[ 3] Hooking Windows NT System Services
     http://www.windowsitlibrary.com/content/356/06/1.html
     http://www.windowsitlibrary.com/content/356/06/2.html

[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <[email protected]>
     http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt

[ 5] Kernel-mode backdoors for Windows NT - firew0rker <[email protected]>
     http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt

[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]
     http://www.security.org.sg/code/kproccheck.html
     http://www.security.org.sg/code/KProcCheck-0.1.zip

[ 7] port/connection hiding - akcom[2004-06-18]
     http://www.rootkit.com/newsread_print.php?newsid=143

[ 8] Process Invincibility - metro_mystery[2004-06-13]
     http://www.rootkit.com/newsread_print.php?newsid=139

[ 9] KCode Patching - hoglund[2004-06-06]
     http://www.rootkit.com/newsread_print.php?newsid=152
     http://www.rootkit.com/vault/hoglund/migbot.zip

[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]
     http://www.rootkit.com/newsread_print.php?newsid=137

[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]
     http://www.rootkit.com/newsread_print.php?newsid=151

[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]
     http://www.rootkit.com/newsread_print.php?newsid=135

[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]
     http://www.rootkit.com/newsread_print.php?newsid=134
     http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]
     http://www.rootkit.com/newsread_print.php?newsid=153

[15] Byepass Scheduler List Process Detection - SoBeIt <[email protected]>[2004-04-25]
     http://www.rootkit.com/newsread_print.php?newsid=117

[16] Detecting Hidden Processes by Hooking the SwapContext Function - worthy[2004-08-03]
     http://www.rootkit.com/newsread_print.php?newsid=170