kernel mode(2)
-
ZeroAccess – an advanced kernel mode rootkit, pdf
ZeroAccess – an advanced kernel mode rootkit (direct download)
-
ZeroAccess, Volatility, and Kernel Timers
http://mnin.blogspot.kr/2011/10/zeroaccess-volatility-and-kernel-timers.html
As today is Volatility Friday, we'll discuss how to hunt ZeroAccess in memory by following the lead of several others and then writing our own custom plugin. I first want to recognize the work done on this topic by Frank Boldewin, Giuseppe Bonfa, and Marco Giuliani. They are the..