REGISTER
desert eagle
main menu

home

forums
    Show me new threads!

bookmarks

post article

view blogs

vault

you must be level 2 to upload files to your vault

downloads

you must be logged to access downloads

Rootkit Collection

File Contributer Link
Hacker Def... hfn/a
HE4Hook adminn/a
BASIC CLAS... hoglundn/a
Vanquish xshadown/a
NT Rootkit hoglundn/a
FU fuzen_opn/a
WinlogonHi... JeFFOsZn/a
klister joannan/a
Patchfinde... joannan/a
MyNetwork hoglundn/a
MTDWin hoglundn/a
NTFSHider hoglundn/a
VideoCardK... hoglundn/a
VICE fuzen_opn/a
Klog Clandestin...n/a
NtIllusion Kdmn/a
AFX Rootki... TheRealAph...n/a
SInAR vulndevn/a
Shadow Wal... Clandestin...n/a
BootRootki... dereksoede...n/a
CHAZ - Nim... neocrackrn/a
Clandestin... merlvingia...n/a
FUTo petersilbe...n/a
Windows Me... alcapone66...n/a
RAIDE petersilbe...n/a
BOOT KIT vipinkumarn/a
BluePill Joanna and...n/a
DEFRAG blume1975n/a
Keyboard H... chpien/a
CheatEngin... DarkByten/a

search the site

backends
A news back-end to implement RootKit news into your website is here or more advanced version here.

An XML/RSS feed that includes both NEWS and BLOGS for RootKit is here: XML/RSS.

[Valid RSS]

Beta feed for replied posts here. feedback to admins not forums, we know about times being off...

ROOTKIT
Share Your Old Stuff, Keep Your Good Stuff 		Saturday July 31st
Featured Article: Nostalgia: n00bk1t, an advanced ring3 rootkit in C    by jeffosz
TDL3 - Why so serious? Let's put a smile on that face ..
By: thug4lif3

Abstract:

TDL or TDSS family is a famous trojan variant for its effectiveness and active technical development. It contains couple compoments: a kernel-mode rootkit and user-mode DLLs which performs the trojan operation such as downloaders, blocking Avs, etc,. Since the rootkit acts as an “injector” and protector for the usermode bot binaries, almost all technical evolutions of this threat family focus on rootkit technology so as to evade AV scanners.

As in its name, TDL3 is 3rd generation of TDL rootkit which still takes its aims at convering stealthy existences of its malicious codes. Beside known features, this threats is exposed with a couple of impressive tricks which help it bypassing personal firewall and staying totally undetected by all AVs and ARKs at the moment. These aspects and techniques will be discussed in more detail in the sections that follow.


You can read the full detailed analysis of first TDL3 rootkit version which was pushed from several drive-by exploit websites in recent days in this PDF:

http://www.rootkit.com/vault/thug4lif3/tdl3_analysis_paper_ed.rar
password: tdl3_analysis

I hope this analysis would shed some light on darkest part of this brand new and truly effective & widespread rootkit/bot. I'm looking forward hearing feedback and discussion from you guys

Best Regards,

-Nguyen Pho Son aka thug4lif3

read comments (31) / write comment

recent comments:
TDL3 3.24 ITWDiabloNova02.Feb:13:44
more resourcegreenoaktree19.Jan:09:02
TDL3 3.23 ITWDiabloNova18.Jan:01:29
Sampleferumpost30.Dec:18:07
Sampleferumpost30.Dec:17:19
. . .

views: 18835   printer-friendly version

login:
password:
ROOTKITS, Subverting the Windows Kernel
By: Greg Hoglund and Jamie Butler

Rootkits are powerful tools to compromise computer systems without detection. Get the original and best book on the subject here.

logged users

active for last 5 minutes

registered users:79912

There are currently 0 registered users and 25 guests browsing the website.

Welcome our latest registered user: Pris

recent board posts
subject author date
Hiding Tcp... _MAX_ Jul / 27
unload dri... dubteam2000 Jul / 26
APC Delive... aall87 Jul / 21
x64 SSDT h... lolwurst Jul / 21
password r... markedu9 Jul / 19
How to hid... Hack4freedom Jul / 15
UNC PATH A... pain_abator Jul / 15
CALL in na... _MAX_ Jul / 13
Conflict b... _MAX_ Jul / 08
Making dev... blackd0t Jul / 06
Hide proce... l0ngshot Jul / 01
Process Ha... krzys Jul / 01
Rooting VP... simplicityx Jun / 24
Rootkits: ... chimai Jun / 24
NDIS Inter... lclee_vx Jun / 17

recently replied posts
subject author date
x64 SSDT h... vrtulex Jul/27
unload dri... EreTIk Jul/27
Hiding Tcp... _MAX_ Jul/27
BIOS Rootk... rossettoecioccolato Jul/25
about this... DiabloNova Jul/22
APC Delive... aall87 Jul/21
password r... markedu9 Jul/19
UNC PATH A... pain_abator Jul/19
How to hid... vrtulex Jul/16
CALL in na... _MAX_ Jul/16
Hide proce... vrtulex Jul/10
Conflict b... _MAX_ Jul/08
Making dev... blackd0t Jul/07

recent blog entries
DiabloNova Jul 31, 12:06
ghost1369 May 09, 04:30
DiabloNova May 08, 15:33
_4epen May 04, 15:42
DiabloNova May 02, 03:59
Best Screenshots / Analog
May 14, 2010

dep.png /

click on the picture to enlarge and see description

!

read comments (0)
write comment

view archive(90) :

Analog(53) / Best Screenshots(37)

submit a picture to gallery

the most active news users
based on the number of news posts for last 30 days

user nr. of posted news

select skin


Paranoia, Keeping us clothed and fed since _init(); - Archim