[1] AMD. AMD64 Architecture Programmer's Manual Volume 2: System Programming. Dec, 2005.
[2] Anonymous Hacker. Xbox 360 Hypervisor Privilege Escalation Vulnerability. Bugtraq. Feb, 2007. http://www.securityfocus.com/archive/1/461489
[3] Blanset, David et al. Dual operating system computer. Oct, 1985. http://www.freepatentsonline.com/4747040.html
[4] Brown, Ralf. Pentium Model-Specific Registers and What They Reveal. Oct, 1995. http://www.rcollins.org/articles/p5msr/PentiumMSRs.html
[5] Butler, James and Sherri Sparks. Windows Rootkits of 2005. Nov, 2005. http://www.securityfocus.com/infocus/1850
[6] Cerrudo, Cesar. Microsoft Windows Kernel GDI Local Privilege Escalation. Oct, 2004. http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
[7] CIAC. E-34: One_half Virus (MS-DOS). Sep, 1994. http://www.ciac.org/ciac/bulletins/e-34.shtml
[8] Conover, Matt. Malware Profiling and Rootkit Detection on Windows. 2005. http://xcon.xfocus.org/xcon2005/archives/2005/Xcon2005_Shok.pdf
[9] Duflot, Loïc. Security Issues Related to Pentium System Management Mode. CanSecWest, 2006. http://www.cansecwest.com/slides06/csw06-duflot.ppt
[10] Ellch, John et al. Exploiting 802.11 Wireless Driver Vulnerabilities on Windows. Jan, 2007. http://www.uninformed.org/?v=6&a=2&t=sumry
[11] Firew0rker, the nobodies. Kernel-mode backdoors for Windows NT. Phrack 62. Jan, 2005. http://www.phrack.org/issues.html?issue=62&id=6#article
[12] fuzen_op. SysEnterHook. Feb, 2005. http://www.rootkit.com/vault/fuzen_op/SysEnterHook.zip
[13] Garfinkel, Tal. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. http://www.stanford.edu/~talg/papers/traps/traps-ndss03.pdf
[14] Gassoway, Paul. Discovery of kernel rootkits with memory scan. Oct, 2005. http://www.freepatentsonline.com/20070078915.html
[15] Gulbrandsen, John. System Call Optimization with the SYSENTER Instruction. Oct, 2004. http://www.codeguru.com/Cpp/W-P/system/devicedriverdevelopment/article.php/c8223/
[16] Heasman, John. Implementing and Detecting an ACPI BIOS Rootkit. BlackHat Federal, 2006. https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
[17] Heasman, John. Implementing and Detecting a PCI Rootkit. Nov, 2006. http://www.ngssoftware.com/research/papers/Implementing_And_Detecting_A_PCI_Rootkit.pdf
[18] Hoglund, Greg. Kernel Object Hooking Rootkits (KOH Rootkits). Jun, 2006. http://www.rootkit.com/newsread.php?newsid=501
[19] Hoglund, Greg. A *REAL* NT Rootkit, patching the NT Kernel. Phrack 55. Sep, 1999. http://phrack.org/issues.html?issue=55&id=5
[20] Hoglund, Greg and James Butler. Rootkits: Subverting the Windows Kernel. 2006. Addison-Wesley.
[21] Hunt, Galen and Doug Brubacher. Detours: Binary Interception of Win32 Functions. Proceedings of the 3rd USENIX Windows NT Symposium, pp. 135-143. Seattle, WA, July 1999. USENIX.
[22] Intel. 2.1.2 The Intel 286 Processor (1982). Intel 64 and IA-32 Architectures Software Developer's Manual. Denver, Colorado: Intel, 34. http://www.intel.com/products/processor/manuals/index.htm
[23] Intel. IA-32 Intel Architecture Software Developer's Manual Volume 3: System Programming Guide. Sep, 2005.
[24] Jack, Barnaby. Remote Windows Kernel Exploitation: Step into the Ring 0. Aug, 2005. http://www.blackhat.com/presentations/bh-usa-05/BH_US_05-Jack_White_Paper.pdf
[25] Kasslin, Kimmo. Kernel Malware: The Attack from Within. 2006. http://www.f-secure.com/weblog/archives/kasslin_AVAR2006_KernelMalware_paper.pdf
[26] Kdm. NTIllusion: A portable Win32 userland rootkit [incomplete]. Phrack 62. Jan, 2005. http://www.phrack.org/issues.html?issue=62&id=12&mode=txt
[27] M. B. Jones. Interposition agents: Transparently interposing user code at the system interface. In Symposium on Operating System Principles, pages 80-93, 1993. http://www.scs.stanford.edu/nyu/04fa/sched/readings/interposition-agents.pdf
[28] Mythrandir. Protected mode programming and O/S development. Phrack 52. Jan, 1998. http://www.phrack.org/issues.html?issue=52&id=17#article
[29] PaX team. PAGEEXEC. Mar, 2003. http://pax.grsecurity.net/docs/pageexec.txt
[30] Plaguez. Weakening the Linux Kernel. Phrack 52. Jan, 1998. http://www.phrack.org/issues.html?issue=52&id=18#article
[31] Prasad Dabak, Milind Borate, and Sandeep Phadke. Hooking Software Interrupts. Oct, 1999. http://www.windowsitlibrary.com/Content/356/09/1.html
[32] Rutkowska, Joanna. System Virginity Verifier. http://invisiblethings.org/tools/svv/svv-2.3-src.zip
[33] Rutkowska, Joanna. Rootkit Hunting vs. Compromise Detection. BlackHat Europe, 2006. http://invisiblethings.org/papers/rutkowska_bheurope2006.ppt
[34] Rutkowska, Joanna. Introducing Stealth Malware Taxonomy. Nov, 2006. http://invisiblethings.org/papers/malware-taxonomy.pdf
[35] Silvio. Shared Library Call Redirection Via ELF PLT Infection. Phrack 56. Jan, 2000. http://www.phrack.org/issues.html?issue=56&id=7#article
[36] skape and Skywing. Bypassing PatchGuard on Windows x64. Uninformed Journal. Jan, 2006. http://www.uninformed.org/?v=3&a=3&t=sumry
[37] Skywing. Subverting PatchGuard version 2. Uninformed Journal. Jan, 2007. http://www.uninformed.org/?v=6&a=1&t=sumry
[38] Skywing. Anti-Virus Software Gone Wrong. Uninformed Journal. Jun, 2006. http://www.uninformed.org/?v=4&a=4&t=sumry
[39] Skywing. Programming against the x64 exception handling support. Feb, 2007. http://www.nynaeve.net/?p=113
[40] Soeder, Derek. Windows Expand-down Data Segment Local Privilege Escalation. Apr, 2004. http://research.eeye.com/html/advisories/published/AD20040413D.html
[41] Sparks, Sherri and James Butler. Raising the Bar for Windows Rootkit Detection. Phrack 63. Jan, 2005. http://www.phrack.org/issues.html?issue=63&id=8
[42] Trusted Computing Group. Trusted Computing Group: Home. https://www.trustedcomputinggroup.org/home
[43] Trusted Computing Group. TPM Specification. https://www.trustedcomputinggroup.org/specs/TPM/
[44] Welinder, Morten. modify_ldt security holes. Mar, 1996. http://lkml.org/lkml/1996/3/6/13
[45] Wikipedia. Call gate. http://en.wikipedia.org/wiki/Call_gate