7 BOOTKIT INFECTION TECHNIQUES


Having explored the Windows boot process, let’s now discuss bootkit infection techniques that target modules involved in system startup. These techniques are split into two groups according to the boot components they target: MBR infection techniques and VBR/Initial Program Loader (IPL) infection techniques. We’ll look at the TDL4 bootkit to demonstrate MBR infection, and then at the Rovnix and Gapz bootkits to demonstrate two different VBR infection techniques.

MBR Infection Techniques

Approaches based on MBR modifications are the most common infection techniques used by bootkits to attack the Windows boot process. ...
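As an added defender-side illustration (not code from the book), the following parses a raw 512-byte MBR sector into its bootstrap code, partition table and boot signature, and compares the bootstrap code against a known-good hash so that an MBR modification of the kind described above can be flagged. The sample sectors and the baseline hash are constructed inline; on a live system the sector would be read from the first 512 bytes of the boot disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 446        # bootstrap code occupies offsets 0..445
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"     # required at offsets 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap hash, partition entries and signature state."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype != 0:     # partition type 0 marks an unused slot
            entries.append({"active": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partitions": entries,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the MBR matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if info["bootstrap_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if sum(p["active"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed MBR: given bootstrap bytes, one active type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    body = bootstrap.ljust(BOOTSTRAP_LEN, b"\0") + entry + b"\0" * 48
    return body + BOOT_SIG


# Constructed baseline sector, its recorded bootstrap hash, and a copy with altered bootstrap code.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0")
BASELINE = parse_mbr(CLEAN_MBR)["bootstrap_sha256"]
ALTERED_MBR = build_sample_mbr(b"\xe9\x00\x01")
```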
