Dailydave mailing list archives
64 bit kernel rootkits FTW
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 02 Jun 2011 09:47:24 -0400
As much as we are huge fans of userland rich application backdoors <http://www.immunityinc.com/movies/ThunderbirdBackdoor_last.mp4>, there are times when you want something in the kernel. To this effect, Immunity has recently updated our MS11_032 local kernel exploit (which works on all Windows versions), to turn off Code Integrity <http://technet.microsoft.com/en-us/library/dd348642%28WS.10%29.aspx>, which is the Windows feature that disallows unsigned drivers from loading (on x64 Windows 7 SP1).

If you're interested in this sort of thing, I highly recommend you drink your morning coffee and check out this movie: http://www.immunityinc.com/movies/MS11_032_HCN_ROOTKIT_64.mov

Thanks,
Dave Aitel
Immunity, Inc.