Topic: Boot Sector Rootkits (Read 3228 times)
satyr
« on: February 12, 2012, 12:55:27 PM »

hi,

I wanted to look more into rootkits, especially kernel mode rootkits which affect the boot sector.

Please suggest resources for me to understand and learn so that I am able to analyse this malware.

I want to dig deep into rootkits and understand how to analyze them.

Any help appreciated.
ajohnson (aka dynamik)
« Reply #1 on: February 13, 2012, 09:02:20 AM »

I haven't done much in this area, but http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/ref=sr_1_2?ie=UTF8&qid=1329145052&sr=8-2 was a decent introductory read. It's from 2005 and is probably dated now, but Syngress has a couple of others that seem like they would be of interest to you: http://www.amazon.com/Managed-Code-Rootkits-Hooking-Environments/dp/1597495743/ref=sr_1_3?ie=UTF8&qid=1329145052&sr=8-3

http://www.amazon.com/Guide-Kernel-Exploitation-Attacking-Core/dp/1597494860/ref=sr_1_12?ie=UTF8&qid=1329145052&sr=8-12

rootkit.com used to be a good resource as well, but it's not loading at the moment for me. I'm not sure if that's still around or not.
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
lorddicranius
« Reply #2 on: February 13, 2012, 10:30:16 AM »

Wasn't rootkit.com Hoglund's site that was involved with the whole Anonymous/HBGary Federal ordeal? Was it ever brought back up after that breach?
GSEC, eCPPT, Sec+
ajohnson (aka dynamik)
« Reply #3 on: February 13, 2012, 10:34:15 AM »

Quote from lorddicranius: Wasn't rootkit.com Hoglund's site that was involved with the whole Anonymous/HBGary Federal ordeal? Was it ever brought back up after that breach?

Yea, that's correct. He's also the co-author of the first book I recommended.

I never participated there, so aside from hearing about that ordeal, I really don't know if it was ever brought back up. It very well may not have been.
Eleven
« Reply #4 on: February 14, 2012, 10:36:59 AM »

Here is a nice analysis of the TDL4 rootkit: http://resources.infosecinstitute.com/tdss4-part-1/

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System Second edition will be out March 7.