Invisibility on NT boxes - How to become unseen on Windows N
Written by Holy Father

This document is about techniques for hiding objects (files, services, processes, etc.) on Windows NT. These methods are based on hooking Windows API functions, which is described in my document "Hooking Windows API". Everything here comes from my own research while writing rootkit code, so some of it could probably be done more effectively or more simply; this also applies to my implementation. Hiding an arbitrary object, in this document, means changing the system functions that name this object so that they skip naming it. Where the object is only a return value of such a function, we return a value indicating that the object does not exist. The basic method (except where stated otherwise) is to call the original function with the original arguments and then change its output. This version of the text describes methods for hiding files, processes, registry keys and values, system services and drivers, allocated memory, and handles.

Download (PDF): Invisibility on NT boxes - How to become unseen on Windows N