As much as we are huge fans of userland rich application backdoors <http://www.immunityinc.com/movies/ThunderbirdBackdoor_last.mp4>, there are times when you want something in the kernel. To this effect, Immunity has recently updated our MS11_032 local kernel exploit (which works on all Windows versions) to turn off Code Integrity <http://technet.microsoft.com/en-us/library/dd348642%28WS.10%29.aspx>, which is the Windows feature that disallows unsigned drivers from loading (on x64 Windows 7 SP1).
If you're interested in this sort of thing, I highly recommend you drink your morning coffee and check out this movie: http://www.immunityinc.com/movies/MS11_032_HCN_ROOTKIT_64.mov

Thanks,
Dave Aitel
Immunity, Inc.
_______________________________________________
Dailydave mailing list
https://lists.immunityinc.com/mailman/listinfo/dailydave
