Some thoughts about Windows Userland Rootkits

Rootkits are tools and techniques used to hide malicious modules from system monitoring. These techniques usually involve kernel modifications, but (especially on Windows systems) they also appear in user-mode context, where they are still able to hide their processes, injected modules, registry keys, files, windows, handles, etc. User-mode rootkits are not as stealthy…

Article Link: https://www.andreafortuna.org/dfir/malware-analysis/some-thoughts-about-windows-userland-rootkits/