Paper: Hunting rootkits with Windbg
Here are the slides to my talk "Hunting rootkits with Windbg" at the Ruhr University Bochum yesterday. I introduce several ways to find well-known rootkits like Rustock or TDL versions 3 and 4 with Windbg and scripts. Enjoy!
http://www.reconstructer.org/papers/Hunting rootkits with Windbg.pdf
The Windbg script shown in the slides to grab kernel callbacks can be found here: