Hi all, i wanna know what can be done using ssdt hooking as security measure or control? i found some listed below(please tell me if any of them wrong), do you know any other?
SSDT hooking will intercept all kernel requests, which is everything. unless the kernel itself is modifed or there is another “hidden OS” installed and set to boot silently, both of which require initial kernel requests to run, because any malicious code requires some kind of environment. the most ulikely method is a direct installation from your computer terminal, which is a personal security issue.