I've spent the last few months putting together a guide on modern rootkits for SANS. It's published in draft form here:

https://www.sans.org/score/rootkits_investigation_procedures.php

But before I call it done, I want to throw it out to the community for comments and corrections. It's a practical guide, so I don't bother with the latest and greatest proof of concept or spend time on what-ifs, just real rootkits in the wild. If you find any factual errors please let me know, or if you think I've left something out.
Brian
