Dailydave mailing list archives

64 bit kernel rootkits FTW


From: Dave Aitel <dave () immunityinc com>
Date: Thu, 02 Jun 2011 09:47:24 -0400

As much as we are huge fans of userland rich application backdoors
<http://www.immunityinc.com/movies/ThunderbirdBackdoor_last.mp4>, there
are times when you want something in the kernel. To this effect,
Immunity has recently updated our MS11_032 local kernel exploit (which
works on all Windows versions) to turn off Code Integrity
<http://technet.microsoft.com/en-us/library/dd348642%28WS.10%29.aspx>,
which is the Windows feature that disallows unsigned drivers from
loading (on x64 Windows 7 SP1).

If you're interested in this sort of thing, I highly recommend you drink
your morning coffee and check out this movie:
http://www.immunityinc.com/movies/MS11_032_HCN_ROOTKIT_64.mov

Thanks,
Dave Aitel
Immunity, Inc.
