Memory analysis: "Catalogue of Kernel-mode Backdoors"

Catalogue of Kernel-mode Backdoors

Some time ago Skape and Skywing have published a Catalogue of Windows Kernel-mode Backdoor Techniques.

On 28 pages their whitepaper describes several means to get your code covertly executed in the kernel of Microsoft Windows. The document also provides good hints on how to detect these manipulations. Everyone who conducts forensic examinations on Windows memory dumps should be aware of these techniques.

Posted by Andreas Schuster on November 7, 2007 04:00 PM | Permalink

Search

Deutsch

Deutschsprachige Ausgabe

Latest articles

CarvFS on a Mac
EvtxParser on Ubuntu Linux
ZISC Workshop on Digital Forensics 2010
Evtx Parser Version 1.0.5
Slides from SANS Forensics Summit
Evtx Parser Version 1.0.4
A non-empty NullType
Tutorial on File System Analysis
Evtx Parser Version 1.0.3
Test of Media Preparation Tools

Imprint

This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de

int for(ensic){blog;}

Notes on computer forensics - international edition.

Catalogue of Kernel-mode Backdoors

Search

Deutsch

Categories

Latest articles

Imprint

int for(ensic){blog;}

Notes on computer forensics - international edition.

Catalogue of Kernel-mode Backdoors

Search

Deutsch

Categories

Latest articles

Subscribe

Imprint