Rootkits (Part 5): Inline Function Patching -- Detours

Inline function patching (also known as "detours") is a technique employed by user-mode rootkits to hide their presence on an infected system. In this video, Sourcefire Chief Scientist, Zulfikar Ramzan, describes the mechanics of this technique. This video is the fifth in a multi-part series on rootkits. For a comprehensive list of chalk talks, please visit http://sourcefire.com/chalktalks

• #science_technology
• #inline_function_patching