PC Protection - Rootkit Arsenal

DSM

Well-Known Member
#1
Has anybody read the book The Rootkit Arsenal by Bill Blunden? Its byline says: Escape and Evasion in the Dark Corners of the System, and it's described as a book on how to create a rootkit which can't be detected by antivirus or security tools.

If somebody has read this book, I would like to know if it can be understood and used in a practical manner by a lay and not too technical reader. Thanks.
 
#3
I have not read his book, but I know that what you talk about (Rootkit in the Dark Corners of any System) can be reality and is used especially by secret services and hackers. And those are real pros who know all the tricks.
 

TracerBullet

Well-Known Member
#4
I don't use it, but UEFI Secure Boot is, I think, meant to prevent stuff like this.
I don't know how effective it is, and of course you can't do anything about possible backdoors built into the OS itself (don't know if true).

I doubt a non-technical user can create a rootkit (unless he is using tools that do the actual work) - you need to create drivers and stuff. Here, from the article on types of rootkits. BIOS rootkits are funny stuff, God knows how they manage this, but people can be very ingenious.

"Different types of rootkits load during different phases of the startup process:

Firmware rootkits. These kits overwrite firmware of the PC’s basic input/output system or other hardware so the rootkit can start before Windows.
Bootkits. These kits replace the operating system’s bootloader (the small piece of software that starts the operating system) so that the PC loads the bootkit before the operating system.
Kernel rootkits. These kits replace a portion of the operating system kernel so the rootkit can start automatically when the operating system loads.
Driver rootkits. These kits pretend to be one of the trusted drivers that Windows uses to communicate with the PC hardware."
 