Thursday, July 06, 2006

Technical Papers

We intend to post papers on rootkits, malware, operating system components and any other interesting things that we run into in this section. We plan to update it regularly with newer papers describing the techniques used in Helios.

  1. Hidden Process Detection using the PspCidTable
    This paper describes how the PspCidTable, a handle table in the Windows kernel, can be parsed to obtain information about the processes running on the system. This process list could be used for a cross-view scan of the system to find hidden processes.

  2. Detection of Rootkits in the File System
    This paper contains a description of the structures used to parse the NTFS file system and how a cross-view scan of the entire hard disk could be performed to detect rootkits.

  3. Detection of Rootkits in the Windows Registry
    This paper contains a description of the structures used to parse the Windows registry and how they can be used in cross-view detection of rootkits.

  4. Helios Technology Whitepaper
    This paper contains a description of some of the most common techniques used by rootkits to hide their presence on the system and some of the methods that could be used to detect them.
