
bonarez
anyone seen the news on hxxp://www.rootkit.com ?

QUOTE
Showtime : *WORKING* CreateProcess in KernelMode!
By: valerino

I don't think this code needs any comment.
Say welcome to usermode calls in kernel land..... with this technique you can even call MessageBox from inside your driver.
No more ugly non-working phrack samples, this is the real stuff


Code is published on their site, since so many ppl are interested in kernel dev lately, this will certainly be interesting to someone..

bonarez
B3T4
the people who are interested in this kind of code are already on rootkit.. no need to confront them kiddies with it. They only ask how to compile stuff
tibbar
it's a very interesting development, valerino did very well to achieve this.

createprocess was easy to do in kernel anyway, i think more important is the ability to use any userland api.

that said, i'm sure we will see the driver startup method appearing in a few lame trojans soon
bonarez
QUOTE(B3T4 @ Feb 17 2005, 06:03 PM)
the people who are interested in this kind of code are already on rootkit.. no need to confront them kiddies with it. They only ask how to compile stuff

guess it was not really called for here, would have preferred irc, but can't seem to find any gso channel (looked on freequest)

bonarez
B3T4
This is MUCH more than just a startup method! There is no need for a standard .exe anymore. U could become insanely stealth because everything now can run in kernelland. This, in combination with IFS would kick so hard ass!

Whoei, i gotta run...gotta do coding...ow no wait, i'm already in place

ps. irc.governmentsecurity.org (6667) , #gso-chat is the gso hangout on irc