These days, it’s rare to catch a new and innovative rootkit or bootkit in the wild. Most malware threats have migrated to user mode because modern security technologies have rendered old rootkit and bootkit methods obsolete. Security mechanisms like Microsoft’s Kernel-Mode Code Signing Policy, PatchGuard, Virtual Secure Mode (VSM), and Device Guard restrict kernel-mode code modifications and raise the threshold of complexity for kernel-mode rootkit development.

The move to UEFI-based systems and spread of the Secure Boot scheme have changed the landscape of bootkit development, increasing development costs ...