OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: October 19, 2009 16:14 CDT by Genius .

Hello there, want to know anti-rootkit techniques for writing an anti-rootkit software .
please give your advices .
and which language do you think is the best for writing an anti-rootkit ?
thnx .

sepulo		October 21, 2009 02:00.14 CDT
> Hello there, want to know anti-rootkit techniques for writing an anti-rootkit software . > please give your advices . ROOTKITS, Subverting the Windows Kernel By: Greg Hoglund and Jamie Butler http://www.rootkit.com/ > and which language do you think is the best for writing an anti-rootkit ? > thnx . Although it is totally system programming job that implies C/C++ but actually you are the one that can decide on, having an eye on your goals, extensibility, platform, architecture and design issues. Sepulo

Genius		October 22, 2009 06:14.06 CDT
Hello, thnx sepulo, yeah, I'm reading the greg's book on rootkits . but, in fact this book have topics that more related to writing and using techniques for producing Rootkits, but the things I want to know is anti(!) rootkit techniques . in fact a Programmer / Hacker like me that wants to write an anti-rootkit must know all aspect, both the intruder and the Good-Guy viewpoint . the rootkit book will give the reader the intruder aspect more the good-guy aspect . the last chapter introduced some anti-rootkit techniques but it's not enough . cheers , / Genius

aeppert		October 22, 2009 20:31.27 CDT
Generally speaking - knowing one half of the coin is the best you will do. It is, as they say, up to the reader to deduce the other half. If you know how someone is going to do something, you must plan and build your own defense and think through it like an attacker. Nature of the beast to a large extent.

cli3nt		October 23, 2009 05:52.57 CDT
Naturam rerum cognoscere primum. If you will know how to write good rootkit you will be able to defeat good rootkit.

Genius		October 23, 2009 15:33.22 CDT
yeah, both of you are right, I'm agree with you . well, I think first I must understand the full concepts of rootkits, so after wirte a rootkit (kernel mode) I can learn defense vectors as well, thnx .

arebc		October 23, 2009 17:55.44 CDT
I'd also recommend "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System" by Bill Bluden. I'm reading through it right now and I find it very well written and thorough (908 pages). http://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/1598220616

Genius		October 25, 2009 15:00.15 CDT
yeah, I've been ordered this treasure ;) thnx .

Note: Registration is required to post to the forums.

There are 28,225 total registered users.

Recently Created Topics
Reverse Engineering ...	Jan/23
Career: DoD Agency I...	Jan/22
"Disappearing&q...	Jan/17
Career: Software Sec...	Jan/11
Where is the call st...	Jan/07
IDA Pro 6.1 Breakpoi...	Jan/01
How to create data s...	Dec/30
can i search all mod...	Dec/23
IDA symbol table exp...	Dec/20
An anti-attach trick	Dec/17

Recent Forum Posts
Reverse Engineering ...	NirIzr
"Disappearing&q...	NirIzr
Reverse Engineering ...	charlie
"Disappearing&q...	charlie
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
Looking for value in...	NirIzr

Recent Blog Entries
	cmathieu	Feb/07
Hacker Carnival
	waleedassar	Feb/06
OllyDbg v1.10 And Hardware ...
	waleedassar	Jan/31
Yet Another Anti-Debug Trick
	RolfRolles	Jan/22
Finding Bugs in VMs with a ...
	waleedassar	Jan/13
An OllyDbg Bug Disables Sof...
More ...

Recent Blog Comments
	waleedassar on:	Feb/07
OllyDbg v1.10 And Hardware ...
	NirIzr on:	Feb/07
OllyDbg v1.10 And Hardware ...
	NirIzr on:	Feb/05
Yet Another Anti-Debug Trick
	trolotou on:	Feb/05
Doudoune Moncler -Pennies F...
	waleedassar on:	Feb/01
Yet Another Anti-Debug Trick
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit