It seems that the bootstrap code is just scattered around various memory addresses and there’s no simple way to dump all of it, so i
Before we get started with part 3, I have a few updates regarding part 1 & 2. I’ve found that the reset pad on the
I’ve not been doing much in the windows malware world for a while now, because quite frankly I’ve run out of ideas and I’m totally
Now that everything is ready to be connected, power up the hard drive an run openocd with the following command: openocd -f interface/<your interface here>.cfg
Usually I don’t post things like this, but because KiFastSystemCall hooking only works on x86 systems and doesn’t work on Windows 8 or above, it
Before we start it’s probably best to explain some things: Signature – A pattern of bytes used by an antivirus to identify malicious executables, this
Getting Original Pointers XP is a little more complicated than newer systems due to the use of a single driver for both port and miniport;
DriverStartIo As I explained in the previous article: DriverStartIo is used by older miniports to actually perform the disk I/O, it takes 2 parameters (a
Recently I got the idea to play around with bypassing bootkit disk filters from an email i received, which highlighted that my MBR spoofing code
As the past has show us, cybercriminals are not the most trustworthy people when it come to holding valuable sources, and it looks like we’re