An Uninvited Guest (Who Won't Go Home)
- Type
- Slides
- Tags
- rootkit
- Authors
- Bill Blunden
- Event
- Source Conference Boston 2010
- Indexed on
- Mar 26, 2013
- URL
- http://www.sourceconference.com/bos10pubs/BillBlunden.pdf
- File name
- BillBlunden.pdf
- File size
- 2.2 MB
- MD5
- ed9291ee868f75fc666d954b50ae46ac
- SHA1
- 2d07b890d44ea434511faaa3f06714b4c0ca27ec
While there are a multitude of battle-tested forensic tools that focus on disk storage, the domain of memory analysis is still emerging. In fact, even the engineers who work at companies that sell memory-related tools have been known to admit that the percentage of investigators who perform an in-depth examination of memory is relatively small. In light of this, staying memory resident is a viable strategy for rootkit deployment. The problem then becomes a matter of remaining inconspicuous and finding novel ways to survive a system restart. In this presentation I’ll look at rootkit technology that tackles both of these issues on the Windows platform.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
