Hi,
I am conducting research on forensic analysis of firmware-level rootkits. Since the rootkits are implemented at the hardware, they are difficult to detect. There is a brand new rootkit which the author claims uses a zero-day vulnerability in win32k.sys: https://github.com/Cr4sh/WindowsRegistryRootkit#readme
Can anyone please share with me how to identify the existence of firmware-level rootkits on victim computers?
Thank you