In this talk we will discuss recent rootkit techniques, referencing the Tidserv and Mebroot families, and outline the methods they use to bypass the NTFS filesystem in order to successfully hide data on disk. We will also focus on the defense against such attacks, including possible countermeasures. We will then examine how the security industry is responding to the evolving rootkit landscape. Finally, we will present and comment results and statistcs about systems affected and detection / remediation rates.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.