
Proof of Concept Articles

World's First Kernel Mode Ircbot

Tibbar explains in his blog how he created the world's first Kernel Mode Ircbot.

Read tibbar's blog


Remote Windows Kernel Exploitation - Step Into the Ring 0 (PDF - 279KB)

"Over eight years have passed and almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, a topic that has yet to be touched on publicly is the remote exploitation of Win32 kernel vulnerabilities; a number of kernel vulnerabilities have been published, yet no exploit code has surfaced in the public arena."

Read the Full Article


AntiHookExec Version 1.0 (Anti API Hooking Proof-Of-Concept)

API hooking is a technique whereby malicious programs may intercept computer data relating to their existence, modify it to hide themselves, and pass the modified information on to Windows.

"This proof-of-concept code demonstrates how to overcome some of the API hooking techniques to execute a specified EXE that is free from API hooks. This program has been tested to work against HackDefender Version 1.0 rootkit for Windows."

Read the whole article at security.org.sg


 

Implementing and Detecting an ACPI BIOS Rootkit

This proof-of-concept article, a PDF version of a PowerPoint presentation, is an excellent read and shows how easily a rootkit could live in the BIOS. It looks like this will be shown at the Black Hat Europe 2006 Briefings and Training in Amsterdam.

Read the whole article at ngssoftware.com.


FUTo: Bypassing Blacklight and IceSword

A nice article on how the best rootkit detection software is using new techniques to detect what the rootkit is hiding instead of the rootkit itself. Interesting idea. "This paper will discuss an algorithm that is used by both Blacklight and IceSword to detect hidden processes".

Read the whole article at rootkit.com.

©2005 Antirootkit.com