Jump to content
StoneIce

need snippets for ring 3 (usermode rootkit)

Recommended Posts

Posted (edited)

Hello,

Been on search for sources and snippets for user mode Rootkit, and most others for n00bkit, I didn't like the one for n00bkit, needing something simpler and the other one I saw was kernel mode, just for security purposes. Kindly assist me with that anyone

Edited by StoneIce
Posted

Ring 3 rootkits aren't publicly available, at least recent ones because they cost money, and prices aren't really cheap, getting near and sometimes over 1-1.5k$.

There are a few older examples on rohitab, but besides educational info, you won't get far with those either.

Posted (edited)

Ok, many thanks I managed to see a source code for n00bkit, and I think they used something like detours / api hooking to do the hooking part.

Since I have some knowledge of C, I decided to know if I am thinking correctly here as to using trampolines for api hooking

So when designing something like that, I should employ trampoline / api hook to do a user land rootkit? Is that correct? Kindly let me know

Thanks

Edited by StoneIce
Posted
Ok, many thanks I managed to see a source code for n00bkit, and I think they used something like detours / api hooking to do the hooking part.

Since I have some knowledge of C, I decided to know if I am thinking correctly here as to using trampolines for api hooking

So when designing something like that, I should employ trampoline / api hook to do a user land rootkit? Is that correct? Kindly let me know

Thanks

I'm not the best person to give you pointers mate, my understandment of C is still very low, i'm just familiar with the terms.

There is a github with some malware sources and pos malwares put together, in one of them, Alina i think, there is a rootkit. No idea how advanced it is, but it could put you in the right direction.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...