tl;dr: This write-up dissects a newly discovered rootkit targeting Windows 11. We explore its DKOM techniques for process unlinking and how it hooks the SSDT to hide malicious network traffic.
> Analyzing a Kernel-Mode Rootkit: Part 1
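The DKOM process unlinking mentioned in the tl;dr hides a process from the normal enumeration path by removing its EPROCESS from the linked list that NtQuerySystemInformation walks, while the process must stay in the kernel's PID handle table to keep running. A defender's standard response is a cross-view check: compare the normal process list with a second view obtained by attempting to open every candidate PID. The PowerShell below is an added example written for this page, not code from the write-up or its author; it assumes PIDs are multiples of 4, treats the scan bound `MaxPid` as a heuristic, and uses only documented Win32 exports (OpenProcess, CloseHandle, QueryFullProcessImageNameW).

```powershell
# Added example (not from the write-up): cross-view detection of processes hidden by DKOM unlinking.
# View 1: Get-Process, which goes through the enumeration path a rootkit unlinks from.
# View 2: OpenProcess() on every candidate PID; the handle lookup uses the PID table, so a process
#         unlinked from the list but still scheduled normally still answers here.

$Kernel32 = Add-Type -Namespace 'CrossView' -Name 'Kernel32' -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);

[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool QueryFullProcessImageNameW(IntPtr hProcess, uint dwFlags, System.Text.StringBuilder lpExeName, ref uint lpdwSize);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # enough to open protected/system processes for a name query
$ERROR_ACCESS_DENIED = 5                      # "exists, but you may not open it"

function Test-PidExistsViaHandle {
    param([uint32]$ProcessId)
    $h = $Kernel32::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($h -ne [IntPtr]::Zero) {
        # Recover the image path while the handle is open (allowed with limited-information rights).
        $sb = New-Object System.Text.StringBuilder 1024
        [uint32]$len = $sb.Capacity
        $path = if ($Kernel32::QueryFullProcessImageNameW($h, 0, $sb, [ref]$len)) { $sb.ToString() } else { '<unknown>' }
        [void]$Kernel32::CloseHandle($h)
        return [pscustomobject]@{ Exists = $true; Path = $path }
    }
    # ACCESS_DENIED means the object exists but is not openable from this context (e.g. protected process);
    # any other error (typically ERROR_INVALID_PARAMETER) means there is no process with that PID.
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    return [pscustomobject]@{ Exists = ($err -eq $ERROR_ACCESS_DENIED); Path = '<access denied>' }
}

function Find-UnlistedProcess {
    param([int]$MaxPid = 65536)   # assumption: scan bound; raise it on busy systems where PIDs climb higher

    # View 1: the ordinary enumeration.
    $listed = @{}
    Get-Process | ForEach-Object { $listed[$_.Id] = $_.ProcessName }

    # View 2: probe every candidate PID that view 1 did not report.
    $hits = @()
    for ($candidate = 4; $candidate -le $MaxPid; $candidate += 4) {
        if ($listed.ContainsKey($candidate)) { continue }
        $r = Test-PidExistsViaHandle -ProcessId $candidate
        if ($r.Exists) {
            $hits += [pscustomobject]@{ PID = $candidate; ImagePath = $r.Path }
        }
    }

    # Re-check against a fresh snapshot so a process that simply started during the scan
    # (a race, not a hidden process) is not reported.
    $now = @{}
    Get-Process | ForEach-Object { $now[$_.Id] = $true }
    return $hits | Where-Object { -not $now.ContainsKey($_.PID) }
}

Find-UnlistedProcess | Format-Table -AutoSize
```

Run it from an elevated prompt so that view 2 is as complete as possible; a non-empty result is a lead to confirm with a kernel-level tool or a memory image, not a verdict, since a transient process can still slip through the two snapshots. The check also has a known blind spot that the tl;dr itself points at: a rootkit that hooks the SSDT can filter the NtOpenProcess path as well as the enumeration path, in which case both views agree and the process stays hidden. That is why cross-view checks are typically paired with integrity checks of the SSDT and with a view taken from outside the running kernel (offline memory forensics).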