Dailydave mailing list archives
Re: A growing darkness
From: "Robert Holgstad" <rholgstad () gmail com>
Date: Thu, 14 Aug 2008 18:27:10 -0500
http://packetstormsecurity.nl/UNIX/penetration/rootkits/mood-nt_2.3.tgz this is a rk for linux that uses it now.. halfdeads article in the last phrack also explains the idea also. other question: how does your rootkit enter the kernel (I am guessing this is the loader part?) I am sure you have seen by now that in 2.6.26 -stable they have limited access to /dev/mem to bios, pci, and non-ram address for hardware, and completely killed kmem which kills many peoples rk research. On Thu, Aug 14, 2008 at 2:47 PM, Dave Aitel <dave () immunityinc com> wrote:
[2] I think a Windows rootkit uses this hooking technique but I can't remember which one.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- A growing darkness Dave Aitel (Aug 14)
- Re: A growing darkness Mohammad Hosein (Aug 15)
- Re: A growing darkness Robert Holgstad (Aug 15)