Re: Reversing x64 TDSS at InfoSec Institute

[NeZa <neza0x () gmail com>]

Here you also have a 101 Approach of the bootkit portion of the TDSS-4
Malware - Part 1. Hope you enjoy it.

http://danuxx.blogspot.com/2011/03/tdsstdl-4-bootkit-101-approach-part-1.html

On Wed, Apr 20, 2011 at 2:01 PM, Adam Behnke <adam () infosecinstitute com>wrote:

> Hello everyone,****
>
> ** **
>
> We have a new article series on x64 TDSS up at InfoSec Institute. The
> series discusses the first malware to reliably attach x64 operating systems
> such as Windows Vista and Windows 7. This technically advanced malware
> bypasses many protective measures in various operation systems and exploits
> the normal boot process.****
>
> ** **
>
> You can find the first article, in the series of three, here:****
>
> ** **
>
> http://resources.infosecinstitute.com/tdss4-part-1/****
>
> ** **
>
> In this research we focused on the most interesting and exceptional
> features of the Win32/Olmarik bootkit. Special attention was paid to the
> bootkit functionality which appeared in TDL4 and enabled it to begin its
> launch process before the OS is loaded, as well as its ability to load an
> unsigned kernel-mode driver — even on systems with kernel-mode code signing
> policy enabled — and bypassing kernel-mode patch protection mechanisms.
> These characteristics all make TDL4’s a prominent player on the malware
> scene.****
>
> ** **
>
> Your thoughts?****
>
> ** **
>
> ** **
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave


-- 
DanUx
---------------

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave