Jump to content
Tuts 4 You

Win 10 64-bit MBR Bootkit


Recommended Posts

Working on a bootkit rootkit for Win 10 64-bit MBR versions

All checksums and digital sig verifications have been bypassed

Dump all modifications as it goes along

This is completed Stage 1:

1) access bootmgr (compressed) via volume mount WMI API avoiding mounts

2) decompress bootmgr -> obtaining bootmgr.exe

3) patch the digital sig verifier

4) sig the exe with This program cannot be ran in ZZZ mode

5) patch the PE header checksum location with proper checksum

6) re-compress the bootmgr.exe -> bootmgr

7) overwrite the OS default bootmgr


Ill explain more later, im tired

File password: infected


  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...