
GhostHook: Bypass PatchGuard with Processor Trace-Based Hoo

Posted: Sun Feb 18, 2018 4:19 am
by TechLord
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking

I know that it's a little old but decided to post it anyway since it was not found posted here.

Hooking techniques give you control over the way an operating system or a piece of software behaves. Some of the software that utilizes hooks includes: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending software, etc.), malicious software (e.g. rootkits) and many others.

Summary:
The GhostHook technique discovered can provide malicious actors or information security products with the ability to hook almost any piece of code running on the machine.

Full article here:
https://www.cyberark.com/threat-researc ... d-hooking/