GhostHook: Bypass PatchGuard with Processor Trace-Based Hoo

Discussion on reverse-engineering and debugging.

Post by TechLord » Sun Feb 18, 2018 4:19 am

GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking

I know that it's a little old but decided to post it anyway since it was not found posted here.

Hooking techniques give you control over the way an operating system or a piece of software behaves. Some of the software that utilizes hooks includes: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending software, etc.), malicious software (e.g. rootkits) and many others.

Summary:
The GhostHook technique discovered can provide malicious actors or information security products with the ability to hook almost any piece of code running on the machine.

Full article here:
https://www.cyberark.com/threat-researc ... d-hooking/
