Kernel Sockets Module based on TDI and WSK
Nostalgia: n00bk1t, an advanced ring3 rootkit in C
TDL3 - Why so serious? Let's put a smile on that face ..
Access token stealing on Windows
One safe hook handler - E8 Method, paper
Network Programming Interface of Windows Vista/2008: internals, using and hacking
Implementing SMM PS/2 Keyboard sniffer
Windows Auxiliary API library - Internals
CodeWalker: Another AntiRootkit Tool
Interrupt Descriptor table explained.
Hide your SSDT hooks
How Memory Analysis Works to Perform Integrity Checking
CsrWalker - using csrss as rkdetector
Rootkit Unhooker v3.8 It's Past, Present and Future of the NTx86 Rootkit Detection
[download] The Most Powerful BotNet attacker - icepoint