http://www.hpl.hp.com/techreports/2005/HPL-2005-87.pdf
Feel free to forward this to your SANS presenter. :-) Laura > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 27, 2006 8:34 AM > To: [email protected] > Subject: API hooking > > Can the API and Process hooks be avoided if the means by > which it happens use some form of encryption. Can shatter > attack be prevented if the kernel knows identity of the > action occurring. If so, then the local Root kit's or > attacker's residing locally can spoof the identity. How are > these planned to be prevented in future. > > > Kind Regards, > > Shyaam > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
