
Research And Application Of Kernel Rootkit Technology Under Win32 Environment

Posted on: 2008-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: H Xu
Full Text: PDF
GTID: 2178360242977069
Subject: Communication and Information System
Abstract/Summary:
With the growth of computer networks, attacks such as local network infiltration and theft of private information have become commonplace, and in information security the offensive and defensive technologies drive each other forward. Attackers use rootkit technology to keep persistent control of a compromised computer and to hide their backdoor software. Rootkits appeared first on UNIX systems and later on many other operating systems; today, rootkits for the Win32 environment are the most widely studied. A rootkit is an attack technique, and it must be researched in order to defend against it better.

By the level at which they intrude into the operating system, rootkits are classified into application-level and kernel-level rootkits. An application-level rootkit works only in user mode, whereas a kernel-level rootkit attacks the operating system kernel itself, which makes it much harder to detect. This thesis studies kernel-level rootkits. It describes the structure of the Windows operating system and the kernel internals that rootkit technology relies on, and then presents several rootkit attack methods: hooking the SSDT (System Service Descriptor Table), filter drivers, and kernel object manipulation. For each method the thesis explains the underlying principle and discusses its implementation.

HIPS (host intrusion prevention) is a newer defensive technology that protects a system from unknown viruses and backdoors. The thesis analyzes how HIPS works and discusses the implementation of methods for bypassing it. Windows Vista is a new operating system; the thesis introduces some of the new security technologies Microsoft uses in Vista and discusses strategies for bypassing them. All of the rootkit techniques described in the thesis were implemented, and the experimental results indicate that they are effective.
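SSDT hooking, the first attack method the abstract names, works by overwriting a function pointer in the kernel's system service table so that a rootkit routine runs before or after the real service and can filter what callers see. The following user-mode model is an added example by the editor, not code from the thesis: the SSDT, the service routine and the process list are all simulated with plain C arrays (the names `g_ssdt`, `orig_enum_processes` and the sample process list, including `backdoor.exe`, are constructed for the illustration and are not real Windows identifiers). It shows the hook hiding one entry from enumeration, and the check a detector makes, comparing each table slot against a known-good copy, which is how SSDT-hook detectors reveal this class of rootkit.

```c
/* Added illustration of SSDT hooking and its detection (not the thesis's code).
 * The Windows kernel is NOT involved: the service table, the service routine
 * and the process list are simulated so the program runs anywhere. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A simulated system service: fill out[] with process names, return count. */
typedef int (*syscall_fn)(const char **out, int max);

/* Constructed sample process list; "backdoor.exe" is what the rootkit hides. */
static const char *g_processes[] = { "System", "explorer.exe", "backdoor.exe", "notepad.exe" };
#define NPROC (sizeof g_processes / sizeof g_processes[0])
#define HIDDEN_NAME "backdoor.exe"

/* The genuine service routine (stands in for the kernel's process enumerator). */
static int orig_enum_processes(const char **out, int max) {
    int n = 0;
    for (size_t i = 0; i < NPROC && n < max; i++) out[n++] = g_processes[i];
    return n;
}

/* Simulated SSDT: one slot per service number, holding a routine pointer. */
#define SVC_ENUM_PROCESSES 0
static syscall_fn g_ssdt[1] = { orig_enum_processes };

/* Clean copy of the table that a detector records at boot (or rebuilds from
 * the kernel image on disk) before any rootkit can have run. */
static syscall_fn g_ssdt_known_good[1] = { orig_enum_processes };

/* Pointer the hook saves so it can call through to the real service. */
static syscall_fn g_saved_enum = NULL;

/* Rootkit hook: run the real service, then strip the hidden name from its output. */
static int hooked_enum_processes(const char **out, int max) {
    int n = g_saved_enum(out, max);
    int w = 0;
    for (int r = 0; r < n; r++)
        if (strcmp(out[r], HIDDEN_NAME) != 0) out[w++] = out[r];
    return w;
}

/* Install the hook by overwriting the SSDT slot with the rootkit routine. */
void install_ssdt_hook(void) {
    if (g_saved_enum) return;                 /* already hooked */
    g_saved_enum = g_ssdt[SVC_ENUM_PROCESSES];
    g_ssdt[SVC_ENUM_PROCESSES] = hooked_enum_processes;
}

/* Restore the original pointer (what a cleanup tool does once it finds the hook). */
void remove_ssdt_hook(void) {
    if (!g_saved_enum) return;
    g_ssdt[SVC_ENUM_PROCESSES] = g_saved_enum;
    g_saved_enum = NULL;
}

/* What any caller (task manager, AV scanner) gets by going through the table. */
int enumerate_via_ssdt(const char **out, int max) {
    return g_ssdt[SVC_ENUM_PROCESSES](out, max);
}

/* 1 if the named process appears in the enumeration, 0 if it is hidden. */
int process_visible(const char *name) {
    const char *buf[16];
    int n = enumerate_via_ssdt(buf, 16);
    for (int i = 0; i < n; i++)
        if (strcmp(buf[i], name) == 0) return 1;
    return 0;
}

/* Detector: number of SSDT slots whose pointer no longer matches the clean copy.
 * Real detectors additionally verify that every pointer lies inside the kernel
 * image, since a hook usually points into a third-party driver. */
int count_ssdt_hooks(void) {
    int hooks = 0;
    for (size_t i = 0; i < sizeof g_ssdt / sizeof g_ssdt[0]; i++)
        if (g_ssdt[i] != g_ssdt_known_good[i]) hooks++;
    return hooks;
}

int main(void) {
    printf("before hook: backdoor visible=%d, hooks=%d\n",
           process_visible(HIDDEN_NAME), count_ssdt_hooks());
    install_ssdt_hook();
    printf("after hook:  backdoor visible=%d, hooks=%d\n",
           process_visible(HIDDEN_NAME), count_ssdt_hooks());
    remove_ssdt_hook();
    printf("after clean: backdoor visible=%d, hooks=%d\n",
           process_visible(HIDDEN_NAME), count_ssdt_hooks());
    return 0;
}
```

The point the model makes is the one the thesis builds on: a caller that trusts the table cannot tell that the service answering it is not the kernel's own, so detection has to come from a second view, here the saved known-good copy, rather than from the hooked call path.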
Keywords/Search Tags:Rootkit, system kernel, SSDT table, filter driver, kernel object, HIPS