Dailydave mailing list archives

Re: A growing darkness


From: "Robert Holgstad" <rholgstad () gmail com>
Date: Thu, 14 Aug 2008 18:27:10 -0500

http://packetstormsecurity.nl/UNIX/penetration/rootkits/mood-nt_2.3.tgz

This is a rk for Linux that uses it now.
halfdead's article in the last Phrack also explains the idea.

Other question: how does your rootkit enter the kernel (I am guessing this
is the loader part)? I am sure you have seen by now that in 2.6.26 -stable
they have limited access to /dev/mem to BIOS, PCI, and non-RAM addresses for
hardware, and completely killed kmem, which kills many people's rk research.

On Thu, Aug 14, 2008 at 2:47 PM, Dave Aitel <dave () immunityinc com> wrote:

[2] I think a Windows rootkit uses this hooking technique but I can't
remember which one.

