Dailydave mailing list archives
The most important ability is being able to hide your abilities.
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 23 Jan 2009 15:16:05 -0500
So much of what we do is writing things that are not rootkits, but essentially use similar techniques:

14:58 < justin> so its like 0x4ad01214 is the IAT entry for CreateProcessW
14:58 < justin> this allows me to do C:>notepad.exe and test my hook
14:58 < justin> and imm.inject_dll("C:\\UpprivHook.dll")
14:58 < justin> to test
14:59 < dave> cool
14:59 < dave> imm.inject_dll == totally awesome

Right now Immunity is building something that requires a userland hook, and a kernelmode hook. Honestly, I think the world needs another book on Windows Rootkits!

Oh, and congrats to Mike Reavy and Andrew Cushman!
http://www.cio.com/article/477472/Microsoft_Security_Response_Center_Gets_New_Boss

-dave