GitHub - Darkabode/zerokit: Zerokit (GAPZ rootkit)
source link: https://github.com/Darkabode/zerokit
README.md
Intro
Original project name is ZEROKIT.
Somewhere in the sources you can find the signature ZPAG. It means: Zerokit Powerful As Gog, which, read in little-endian byte order, becomes: GAPZ.
Warning
The purpose of the project is not to stimulate malicious projects; it is only laid out for the community concerned, for academic purposes.
I am not responsible for the malicious use of this code, neither before nor now nor in the future.
It's my own research and development during the years 2010-2012. But some parts, like PowerLoader, are not mine.
Whitepapers and articles
- https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
- https://recon.cx/2013/slides/Recon2013-Aleksandr%20Matrosov%20and%20Eugene%20Rodionov-Reconstructing-Gapz%20Position-Independent%20Code%20Analysis%20Problem.pdf
- https://www.welivesecurity.com/wp-content/uploads/2013/05/CARO_2013.pdf
- https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-RodionovMatrosov.pdf
- https://www.sba-research.org/wp-content/uploads/publications/Bootkit_EuroSec_2014.pdf
- https://habr.com/ru/company/eset/blog/169131/
- https://habr.com/ru/company/eset/blog/174169/
- https://habr.com/ru/company/eset/blog/175911/
References