Welcome all to another paper from KD-Team. This time the paper presents a new way of looking at how you can detect the presence of a rootkit on a system, mostly targeted at the Windows operating system. As you have probably noticed, we have posted alternate ways of detecting a rootkit on our site. Both of these ways were just a simple brute force on a function that hadn’t been hooked by the rootkit. You can find them both in the tool section of our site, named “Detect Con” and “Detect Proc”. As you have already guessed, these methods are not foolproof.
This document is in PDF format. To view it click here.