aka rkhunter, security/malware researcher


Stuff that you probably can't find anywhere else

Articles about advanced Windows internals [NTInside.zip] [NTInside_Part2.zip]
Collection of articles about advanced rootkit techniques since 2006 [articles_rootkit.zip]
POS malware technical analysis by iSIGHT Partners [link]
Virtual Machines Detection Enhanced by rinn & EP_X0FF [link]
Snake campaign & cyber espionage toolkit by BAE Systems [link]
Uroburos: the snake rootkit by deresz & tecamac [link]


2014

Windows exploitation in 2013 - http://www.welivesecurity.com/2014/02/11/windows-exploitation-in-2013/

2013

Sality rootkit analysis - http://artemonsecurity.blogspot.com/2013/01/sality-rootkit-analysis.html

2012

Necurs rootkit under microscope - http://artemonsecurity.blogspot.com/2012/12/necurs-rootkit-under-microscope.html
Zegost - analysis of the Chinese backdoor - http://artemonsecurity.blogspot.com/2012/12/zegost-analysis-of-chinese-backdoor.html
Analysis of VirTool:WinNT/Exforel.A rootkit - http://artemonsecurity.blogspot.com/2012/12/analysis-of-virtoolwinntexforela-rootkit.html
TDI - a new element in old tdss story - http://artemonsecurity.blogspot.com/2012/10/tdi-new-element-in-old-tdss-story.html
OnlineGameHack analysis - http://artemonsecurity.blogspot.com/2012/08/onlinegamehack-analysis-of-korean-games.html
Investigation of an industrial rootkit incident - http://artemonsecurity.blogspot.com/2012/07/investigation-interesting-kernel-mode.html
Guntior bootkit analysis - http://artemonsecurity.blogspot.com/2012/07/guntior-detailed-analysis-of-chinese.html
ZeroAccess - new steps in evolution - http://artemonsecurity.blogspot.com/2012/06/zeroaccess-new-steps-in-evolution.html
Flame case - http://artemonsecurity.blogspot.com/2012/05/flamer-goes-itw.html

2011

The making of Windows NT [RU] - http://citforum.ru/operating_systems/windows/nt_history/

2009

TDL3 analysis (with Dr.Web team) [RU] - http://st.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3).pdf
Notes of an NTFS researcher [RU] - http://citforum.ru/operating_systems/windows/ntfs/
Attacking the Windows cache [RU] - http://www.xakep.ru/magazine/xa/131/056/1.asp

2008

Invisible LKM attacks on Windows NT [RU] - http://www.xakep.ru/magazine/xa/103/064/4.asp
Windows XP VMM research papers [RU]
Contains comprehensive information about the algorithms of the memory manager: [memory_manager.zip]


Tools/PoCs

DRM project - consists of two parts: a legacy FSD filter with AVx features [blocking file operations] and a keyboard sniffer [drm_project.zip]

NT kernels collection W2k-W8.1 [ntos_kernels.zip]
Hash list (MD5): ntos_hashes.txt

ntoskrnl structures collection (.h and .idc files) W2k-W7 [nt_structures.zip]


Malware

For AV-test and research purposes only [archives password protected]
Fresh ZBot collection (Jul-Aug 2012), including samples with the anti-emu crypter discussed here: kernelmode [zbot.zip]
Fresh ZeroAccess/Sirefef collection (Jul-Aug 2012) - CLSID/Ea-Shellcode variant [zeroaccess.zip]
SpyEye collection (Feb 2012) - [spyeye.zip]
Reveton.A collection - [reveton.zip]

Twitter - https://twitter.com/artem_i_baranov
VT - https://www.virustotal.com/user/rkhunter/
Blog - http://artemonsecurity.blogspot.com/