Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 13:05:20 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1133741621&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Fpapers%2Fattack%2Fdotnetrookits.pdf%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1133741621.1338210320.1338210320.1338210320.1%3B%2B__utmz%3D32867617.1338210320.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/71932/dotnetrookits.pdf http://packetstormsecurity.org/files/71932/dotnetrookits.pdf http://packetstormsecurity.org/files/71932/dotnetrookits.pdf.html Fri, 14 Nov 2008 00:34:04 GMT .NET Framework Rootkits - This whitepaper covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it's supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.