Sourcefire

Rootkits (Part 4): Import Address Table Hooking

Import Address Table (IAT) hooking is a technique employed by user-mode rootkits to hide their presence on an infected system by modifying code execution paths and transferring control to malicious code. In this video, Sourcefire Chief Scientist, Zulfikar Ramzan, describes the mechanics of this technique. This video is the fourth in a multi-part series on rootkits.

RunTime - 12:09

Uploaded - 18 Jul 2013

 

 
©2014 Cisco and/or its affiliates. All rights reserved.