[Dailydave] A growing darkness

Robert Holgstad rholgstad at gmail.com
Thu Aug 14 19:27:10 EDT 2008


http://packetstormsecurity.nl/UNIX/penetration/rootkits/mood-nt_2.3.tgz

This is a rk for Linux that uses it now.
halfdead's article in the last Phrack also explains the idea.

Other question: how does your rootkit enter the kernel (I am guessing this
is the loader part)? I am sure you have seen by now that in 2.6.26 -stable
they have limited access to /dev/mem to BIOS, PCI, and non-RAM addresses for
hardware, and completely killed kmem, which kills many people's rk research.

On Thu, Aug 14, 2008 at 2:47 PM, Dave Aitel <dave at immunityinc.com> wrote:

> [2] I think a Windows rootkit uses this hooking technique but I can't
> remember which one.
>
>