GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking
I know that it's a little old but decided to post it anyway since it was not found posted here.
Hooking techniques give you control over the way an operating system or a piece of software behaves. Software that utilizes hooks includes: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending software, etc.), malicious software (e.g. rootkits) and many others.
Summary:
The GhostHook technique discovered can provide malicious actors or information security products with the ability to hook almost any piece of code running on the machine.
Full article here:
https://www.cyberark.com/threat-researc ... d-hooking/