Notes
Written by David Reguera García   
Saturday 2 June 2007

Name - Description

Rootkit Arsenal Installing a Call Gate - English POST / SPANISH POST

Hi, I was reading the book “The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System” and I'd like to qualify a few things about the chapter “Hooking the GDT - Installing a Call Gate”. A PoC driver is included at the end of the article that supports WalkGDT for multiple cores.

This is the mirror of my post published at:

http://blog.48bits.com/2010/01/08/rootkit-arsenal-installing-a-call-gate/

Generating any DLL for PEB Hooking or replacing in disk, binary form - My original post is published at:

http://www.rootkit.com/blog.php?newsid=988

See Understand Phooks Internals (http://0vercl0k.blogspot.com/2009/05/understand-phooks-internals.html) for the work on phook, the PEB hooker project.
Understanding WinXPSP2.Cermalus - Source of the malware (with headers modified): WinXPSP2.Cermalus.zip

interface shellcode - “shellcode” proof interface inside a C array.

hardening - Notes for doing fast hardening on a home server (incomplete).

atomix exploit adaptation - Adaptation of the Milw0rm 2873 exploit.

bhats - Everything that was done for the bhats course (cancelled).

mwntlc - Example ported to C of using the SYSTEM token in win32 via the native API ZwCreateToken. An injector for the LSASS process is also included, using methods similar to those in piathook.


Last update (Saturday 2 June 2007)