Sourcefire

Rootkits (Part 5): Inline Function Patching -- Detours

Inline function patching (also known as "detours") is a technique employed by user-mode rootkits to hide their presence on an infected system. In this video, Sourcefire Chief Scientist Zulfikar Ramzan describes the mechanics of this technique. This video is the fifth in a multi-part series on rootkits.

RunTime - 10:15

Uploaded - 18 Jul 2013

©2014 Cisco and/or its affiliates. All rights reserved.