Glad to present my deep dive into Windows rootkit families from early concepts to the latest sophisticated instances. This is an attempt to summarize information about them and highlight the Windows Internals tricks they leverage to achieve the necessary goals. The document includes a lot of links to information sources that cover the necessary Windows Internals knowledge and rootkit TTPs, so if u're not familiar with the topic, u can learn it from scratch. The link to the pdf is below.
↧