Rootkits (Part 4): Import Address Table Hooking

Import Address Table (IAT) hooking is a technique employed by user-mode rootkits to hide their presence on an infected system by modifying code execution paths and transferring control to malicious code. In this video, Sourcefire Chief Scientist, Zulfikar Ramzan, describes the mechanics of this technique. This video is the fourth in a multi-part series on rootkits. For a comprehensive list of chalk talks, please visit http://sourcefire.com/chalktalks.

• #science_technology
• #rootkits