
Kernel Rootkit


Please note that this user is banned
What is this even doing in the trading section? There is no price and no clear offer.
 
It is not so easy from the beginning, and it does not depend on you, but on external factors. You can write it, let's say; however, the OS kernel itself has its own protection mechanisms, e.g. KPP (Kernel Patch Protection or PatchGuard), signature checking, etc. And the most "normal" way to get rid of all this: patching during kernel booting (early-boot phase). More precisely, even before it is loaded into memory (the kernel is not necessarily unloaded first + multiprocessor kernel is initially loaded).
You can write it, I think, but external factors prevent you from using or selling it properly, unfortunately.
I do agree, and if I were to sell it, bypassing the Windows loader would be their issue. I'm mostly asking for features or cool stuff to write for it; I'm in the process of learning and have written my first fully functioning kernel driver.
 
Please note that this user is banned
I'm mostly asking for features or cool stuff to write for it; I'm in the process of learning and have written my first fully functioning kernel driver.
You can look at the BlackHat Rootkits course overview and implement some of the mentioned features, described here.
Or if you live in the US just take that course and leak the materials here =D
Sorry, I didn't know where to put it.
Create a topic in this section /forums/65/.
 

