Boot Sector Rootkits

satyr

Newbie

Posts: 41

Joined: Wed Aug 11, 2010 6:15 am

Post Sun Feb 12, 2012 1:55 pm

Boot Sector Rootkits

hi,

I wanted to look more into rootkits, especially kernel-mode rootkits which affect the boot sector.

Please suggest resources for me to understand and learn so that I am able to analyse this kind of malware.

I want to dig deep into rootkits and understand how to analyze them.

Any help appreciated.

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Feb 13, 2012 10:02 am

Re: Boot Sector Rootkits

I haven't done much in this area, but http://www.amazon.com/Rootkits-Subverti ... 052&sr=8-2 was a decent introductory read. It's from 2005 and is probably dated now, but Syngress has a couple of others that seem like they would be of interest to you: http://www.amazon.com/Managed-Code-Root ... 052&sr=8-3

http://www.amazon.com/Guide-Kernel-Expl ... 52&sr=8-12

rootkit.com used to be a good resource as well, but it's not loading at the moment for me. I'm not sure if that's still around or not.
The day you stop learning is the day you start becoming obsolete.

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Mon Feb 13, 2012 11:30 am

Re: Boot Sector Rootkits

Wasn't rootkit.com Hoglund's site that was involved with the whole Anonymous/HBGary Federal ordeal? Was it ever brought back up after that breach?
GSEC, eCPPT, Sec+

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Feb 13, 2012 11:34 am

Re: Boot Sector Rootkits

lorddicranius wrote: Wasn't rootkit.com Hoglund's site that was involved with the whole Anonymous/HBGary Federal ordeal? Was it ever brought back up after that breach?

Yea, that's correct. He's also the co-author of the first book I recommended.

I never participated there, so aside from hearing about that ordeal, I really don't know if it was ever brought back up. It very well may not have been.
The day you stop learning is the day you start becoming obsolete.

Eleven

Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Tue Feb 14, 2012 11:36 am

Re: Boot Sector Rootkits

Here is a nice analysis of the TDL4 rootkit: http://resources.infosecinstitute.com/tdss4-part-1/

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, second edition, will be out March 7.
