Chapter 8, Achieving Stealth and Maintaining Presence
The Cuckoo's Egg
UNIX Rootkit CERT Advisory
Abuse of the Linux Kernel for Fun and Profit
Weakening the Linux Kernel
YYT_HAC Rootkit
A *REAL* NT Rootkit, patching the NT kernel
Aspects of Offensive Rootkit Technology course
"Windows Root kits a stealthy threat," by Kevin Poulsen
Microsoft Security Bulletin MS03-026: Buffer Overrun in RPC Interface Could Allow Code Execution
You cannot remove suspicious folders from the FTP file structure
You cannot delete a file or a folder on an NTFS file system volume
IE usage survey
F-Secure Blacklight
Malicious Software Encyclopedia: WinNT/Ispro
David Aucsmith - WinHEC
MSRC Blog About Delprot Rootkit & MSRT
Shadow Walker announced at Blackhat
Shadow Walker Presentation
Blue Pill Rootkit
Rustock and Advances in Rootkits
GMER Rootkit Detection Tool
"Rustock DDoS Attack" by Joe Stewart
RKUnhooker Rootkit Detection Tool created by authors of Unreal.A rootkit
Office Documents containing a rootkit (Trojan.PPDropper.F)
Office Documents containing a rootkit (Backdoor.Ginwui.E)
Authentium defeats Patchguard
Uninformed Analysis of Patchguard
Uninformed Analysis of Patchguard
Kernel-mode Code Signing Policy Overview
Restricted Access to \Device\PhysicalMemory
AskStrider
System Virginity Verifier (SVV)
AutoRuns for Windows
BootExecute
Hacker Defender: Remote Rootkit Scanner for Windows
WinObj v2.15
Vitriol Rootkit at BlueHat
Attachment Manager API
Streams v1.56