Dear readers, how are you? Five quick and good articles from different sources follow:
- WMI object correlation using “associators of”: http://www.exploit-monday.com/2015/12/wmi-object-correlation-using.html
- Thriving Beyond The Operating System: https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html
- CodeShield: http://www.acsac.org/2012/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=185&type=4
- Kernel Based Monitoring on Windows 32/64 bits: http://www.bitnuts.de/KernelBasedMonitoring.pdf
- XML Secure Code: http://resources.infosecinstitute.com/xml-secure-coding/
Have a nice day.
Alexandre Borges
(LinkedIn: http://www.linkedin.com/in/aleborges and Twitter: @ale_sp_brazil)