Proof of Concept Articles
World's First Kernel Mode Ircbot
Tibbar explains in his blog how he has created the world's first
Kernel Mode Ircbot.
Read tibbar's blog
Remote Windows Kernel Exploitation - Step Into the Ring 0 (PDF - 279KB)
"Over eight years have passed and almost every possible method
and technique regarding Windows exploitation has been discussed
in depth. Surprisingly, a topic that has yet to be touched on publicly
is the remote exploitation of Win32 kernel vulnerabilities; a number
of kernel vulnerabilities have been published, yet no exploit code
has surfaced in the public arena."
Read the Full Article
AntiHookExec Version 1.0 (Anti API Hooking Proof-Of-Concept)
API hooking is a technique whereby a malicious program may intercept
computer data relating to its existence, modify that data to hide itself,
and pass the modified information on to Windows.
"This proof-of-concept code demonstrates how to overcome some
of the API hooking techniques to execute a specified EXE that is
free from API hooks. This program has been tested to work against
HackDefender Version 1.0 rootkit for Windows."
Read the whole article at security.org.sg
Implementing and Detecting an ACPI BIOS Rootkit
This proof-of-concept article, a PDF version of a PowerPoint presentation,
is an excellent read and shows how easily a rootkit could live
in the BIOS. It looks like this will be shown at the Black Hat Europe
2006 Briefings and Training in Amsterdam.
Read the whole article at ngssoftware.com.
FUTo: Bypassing Blacklight and IceSword
A nice article on how new techniques are being used by the best rootkit
detection software to detect what the rootkit is hiding instead
of the rootkit itself. Interesting idea. "This paper will discuss
an algorithm that is used by both Blacklight and IceSword to detect
hidden processes".
Read the whole article at rootkit.com.