Rootkits
Userland
Patching, Import Address Table, inline
Kernel
IDT, SSDT, Direct Kernel Object Modification (DKOM), Driver IRP
Mitigations include: PatchGuard and Driver Signature Enforcement
Hypervisor bootkits
Boot Sector, MBR/GPT, VBR
Firmware & Hardware
UEFI, Microcontroller, Hard Drive
TPM reduced
very rare