Useful links on Windows rootkits (repost)

Original post, 2007-10-02 10:38:00
[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]
     http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf

[ 2] TOCTOU with NT System Service Hooking
     http://www.securityfocus.com/archive/1/348570

     TOCTOU with NT System Service Hooking Bug Demo
     http://www.securesize.com/Resources/hookdemo.shtml

[ 3] Hooking Windows NT System Services
     http://www.windowsitlibrary.com/content/356/06/1.html
     http://www.windowsitlibrary.com/content/356/06/2.html

[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <Kodmaker@syshell.org>
     http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt

[ 5] Kernel-mode backdoors for Windows NT - firew0rker <firew0rker@nteam.ru>
     http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt

[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]
     http://www.security.org.sg/code/kproccheck.html
     http://www.security.org.sg/code/KProcCheck-0.1.zip
     http://www.security.org.sg/code/KProcCheck-0.2beta1.zip

[ 7] port/connection hiding - akcom[2004-06-18]
     http://www.rootkit.com/newsread_print.php?newsid=143

[ 8] Process Invincibility - metro_mystery[2004-06-13]
     http://www.rootkit.com/newsread_print.php?newsid=139

[ 9] KCode Patching - hoglund[2004-06-06]
     http://www.rootkit.com/newsread_print.php?newsid=152
     http://www.rootkit.com/vault/hoglund/migbot.zip

[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]
     http://www.rootkit.com/newsread_print.php?newsid=137

[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]
     http://www.rootkit.com/newsread_print.php?newsid=151

[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]
     http://www.rootkit.com/newsread_print.php?newsid=135

[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]
     http://www.rootkit.com/newsread_print.php?newsid=134
     http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]
     http://www.rootkit.com/newsread_print.php?newsid=153

[15] Byepass Scheduler List Process Detection - SoBeIt <kinvis@hotmail.com> [2004-04-25]
     http://www.rootkit.com/newsread_print.php?newsid=117

[16] Detecting Hidden Processes by Hooking the SwapContext Function - kkasslin[2004-08-03]
     http://www.rootkit.com/newsread_print.php?newsid=170

[17] Loading Rootkit using SystemLoadAndCallImage - Greg Hoglund <hoglund@ieway.com> [2000-08-29]
     http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0114.html
     http://seclists.org/lists/bugtraq/2000/Aug/0408.html
     http://marc.theaimsgroup.com/?l=ntbugtraq&m=96766147118874&w=2
     http://www.securityfocus.com/archive/1/79379/2002-11-30/2002-12-06/0

[18] A *REAL* NT Rootkit, patching the NT Kernel - Greg Hoglund <hoglund@ieway.com> [1999-09-09]
     http://www.phrack.org/phrack/55/P55-05

[19] Win2K/XP SDT Restore 0.2 (Proof-Of-Concept) - Tan Chew Keong[2004-10-01]
     http://www.security.org.sg/code/sdtrestore.html
     http://www.security.org.sg/code/SDTrestore-0.1.zip
     http://www.security.org.sg/code/SDTrestore-0.2.zip

     Disabling Sebek Win32 Client by Direct Service Table Restoration - Tan Chew Keong[2004-07-17]
     http://www.security.org.sg/vuln/sebek215-2.html

[20] Sebek is a tool to capture the attacker's activities on a honeypot
     http://www.honeynet.org/tools/sebek/

     Sebek client for Win2000 and WinXP
     http://www.honeynet.org/tools/sebek/sebek-win32-2.1.5-src.zip

[21] Advanced Windows 2000 Rootkits Detection - Jan K. Rutkowski <jkrutkowski@elka.pw.edu.pl>
     http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-rutkowski/bh-us-03-rutkowski-r2.pdf
     http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-rutkowski/rutkowski-antirootkit.zip

[22] Windows Key Logging and Counter-Measures - Chew Keong TAN <chewkeong@hotmail.com>
     http://pachome2.pacific.net.sg/~chewkeong/keylogr.pdf

[23] Windows NT System-Call Hooking/Dr. Dobb's Journal January 1997 - Mark Russinovich <mark@osr.com> and Bryce Cogswell <cogswell@cs.uoregon.edu>
     http://www.exetools.com/forum/showthread.php?p=23296
     http://www.exetools.com/forum/attachment.php?attachmentid=1751(9701.rar 253.6KB)
     (three post minimum required)

[24] Kernel Filter Driver Example & Article (very good)
     Designing A Kernel Key Logger/A Filter Driver Tutorial - Clandestiny <clandestiny@despammed.com> [2004-09-01]
     http://www.woodmann.net/forum/showthread.php?t=6312
     http://www.woodmann.net/forum/attachment.php?attachmentid=1084(Klog 1.0.zip 139.8KB)

[25] Hide'n'Seek? Anatomy of Stealth Malware
     http://www.blackhat.com/presentations/bh-europe-04/bh-eu-04-erdelyi/bh-eu-04-erdelyi-paper.pdf
     (An overview of rootkit hiding techniques; not much of real value)

[26] A more stable way to locate real KiServiceTable - 90210[2004-08-12]
     http://www.rootkit.com/newsread_print.php?newsid=176

[27] Bypassing SDT Restore tool - Opc0de[2004-10-11]
     http://www.rootkit.com/newsread_print.php?newsid=200
     http://www.rootkit.com/vault/Opc0de/Bypassing_SDT_Restore.zip

[28] Writing Trojans that bypass Windows XP Service Pack 2 Firewall - <americanidiot@hushmail.com> [2004-10-12]
     http://marc.theaimsgroup.com/?l=full-disclosure&m=109759186016337&w=2

[29] Concepts for the Stealth Windows Rootkit - Joanna Rutkowska <joanna@mailsnare.net> [2003-09]
     http://invisiblethings.org/papers/chameleon_concepts.pdf

[30] Rootkits Detection on Windows Systems - Joanna Rutkowska <joanna@invisiblethings.org> [2004-10]
     http://invisiblethings.org/papers/ITUnderground2004_Win_rtks_detection.ppt

[31] OMCD - Open Methodology for Compromise Detection by Joanna Rutkowska <omcd@isecom.org>
     http://www.isecom.org/projects/omcd.shtml
     http://isecom.securenetltd.com/omcs.outline.v.0.1.pdf

[32] Windows rootkits of 2005 - James Butler <james.butler@hbgary.com>, Sherri Sparks <ssparks@longwood.cs.ucf.edu> [2005-11-04]
     http://www.securityfocus.com/infocus/1850
     http://www.securityfocus.com/infocus/1851
     http://www.securityfocus.com/infocus/1854

     http://www.securityfocus.com/print/infocus/1850
     http://www.securityfocus.com/print/infocus/1851
     http://www.securityfocus.com/print/infocus/1854
     (recommended by xuna)

[33] Implementing malware with virtual machines - Samuel T. King, Peter M. Chen
     http://www.eecs.umich.edu/Rio/papers/king06.pdf

     how to detect VMM using (almost) one CPU instruction - Joanna Rutkowska <joanna@invisiblethings.org>
     http://invisiblethings.org/tools/redpill.c
     http://invisiblethings.org/tools/redpill.exe