Dailydave mailing list archives

The most important ability is being able to hide your abilities.


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 23 Jan 2009 15:16:05 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So much of what we do is writing things that are not rootkits, but
essentially use similar techniques:

14:58 < justin> so it's like 0x4ad01214 is the IAT entry for CreateProcessW
14:58 < justin> this allows me to do C:>notepad.exe and test my hook
14:58 < justin> and imm.inject_dll("C:\\UpprivHook.dll")
14:58 < justin> to test
14:59 < dave> cool
14:59 < dave> imm.inject_dll == totally awesome

Right now Immunity is building something that requires a userland
hook, and a kernelmode hook. Honestly, I think the world needs another
book on Windows Rootkits!

Oh, and congrats to Mike Reavy and Andrew Cushman!
http://www.cio.com/article/477472/Microsoft_Security_Response_Center_Gets_New_Boss

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJeiWFtehAhL0gheoRAp5DAJ9/C+90zg/i5KZ00wm6JOR9yh7WnQCbBvZq
BQVzh6o+qxPhr+V28Mj0yog=
=YqH2
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave