Rootkit Bootkit


Introduction

This page is the central hub of my series “Rootkit Bootkit” (the name is inspired by Oogie Boogie), documenting and analyzing the evolution and underlying principles of different rootkits and bootkits.

The series aims to:

  • understand how rootkits and bootkits work
  • analyze their implementation details through reverse engineering
  • study the techniques they use to evade detection
  • explore real-world malware case studies

This page will be continuously updated as new research is added.

Roadmap

  • Rootkits
    • TDL3
    • Festi
  • Bootkits
    • Petya
    • NotPetya
    • TDL4
  • Related Technologies
    • ELAM (Early Launch Anti-Malware)
    • UEFI Boot Process
    • Secure Boot

Articles

  Rootkits & Bootkits    Article
  Petya                  Analyzing Petya
  NotPetya               Analyzing NotPetya

Supplement

Tutorials for Malware Analysis

THANKS FOR READING!