aka rkhunter, security/malware researcher

Stuff that you probably can't find anywhere else

Articles about advanced windows internals [NTInside.zip] [NTInside_Part2.zip]
Collection of articles about advanced rootkit techniques since 2006 [articles_rootkit.zip]
POS malware technical analysis by iSIGHT Partners [link]
Virtual Machines Detection Enhanced by rinn & EP_X0FF [link]
Snake campaign & cyber espionage toolkit by BAE Systems [link]
Uroburos: the snake rootkit by deresz & tecamac [link]
Malware Instrumentation Application to Regin Analysis by tecamac (pass: c4ujeswA) [link] + source code [link]
List of new exports ntoskrnl & win32k & ntdll (Windows 10 TP) [link]
Readable (English) version of that Spanish post about how HT was hacked [link]


Windows exploitation in 2015 - http://www.welivesecurity.com/2016/01/26/windows-exploitation-in-2015/


Windows exploitation in 2014 - http://artemonsecurity.blogspot.ru/2015/01/windows-exploitation-in-2014.html


Windows exploitation in 2013 - http://www.welivesecurity.com/2014/02/11/windows-exploitation-in-2013/


Sality rootkit analysis - http://artemonsecurity.blogspot.com/2013/01/sality-rootkit-analysis.html


Necurs rootkit under microscope - http://artemonsecurity.blogspot.com/2012/12/necurs-rootkit-under-microscope.html
Zegost - analysis of the Chinese backdoor - http://artemonsecurity.blogspot.com/2012/12/zegost-analysis-of-chinese-backdoor.html
Analysis of VirTool:WinNT/Exforel.A rootkit - http://artemonsecurity.blogspot.com/2012/12/analysis-of-virtoolwinntexforela-rootkit.html
TDI - a new element in old tdss story - http://artemonsecurity.blogspot.com/2012/10/tdi-new-element-in-old-tdss-story.html
OnlineGameHack analysis - http://artemonsecurity.blogspot.com/2012/08/onlinegamehack-analysis-of-korean-games.html
Investigation an industrial rootkit incident - http://artemonsecurity.blogspot.com/2012/07/investigation-interesting-kernel-mode.html
Guntior bootkit analysis - http://artemonsecurity.blogspot.com/2012/07/guntior-detailed-analysis-of-chinese.html
ZeroAccess - new steps in evolution - http://artemonsecurity.blogspot.com/2012/06/zeroaccess-new-steps-in-evolution.html
Flame case - http://artemonsecurity.blogspot.com/2012/05/flamer-goes-itw.html


Становление Windows NT - http://citforum.ru/operating_systems/windows/nt_history/


TDL3 analysis (with Dr.Web team) [RU] - http://st.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3).pdf
Записки исследователя NTFS - http://citforum.ru/operating_systems/windows/ntfs/
Атака на кэш Windows - http://www.xakep.ru/magazine/xa/131/056/1.asp


Невидимые LKM-атаки на Windows NT - http://www.xakep.ru/magazine/xa/103/064/4.asp
Windows XP VMM research papers [RU]
Включает в себя исчерпывающую информацию об алгоритмах работы диспетчера памяти: [memory_manager.zip]


DRM project - consists of two parts: legacy FSD-filter with AVx features [blocking files operations] and keyboard sniffer [drm_project.zip]

NT kernels collection W2k-W8.1 [ntos_kernels.zip]
Hash list (MD5): ntos_hashes.txt

ntoskrnl structures collection (.h and .idc files) W2k-W7 [nt_structures.zip]


For AV-test and research purposes only [archives password protected]
Fresh ZBot collection (Jul-Aug 2012) including samples with anti-emu crypter that discussed here kernelmode [zbot.zip]
Fresh ZeroAccess/Sirefef collection (Jul-Aug 2012) - CLSID/Ea-Shellcode variant [zeroaccess.zip]
SpyEye collection (Feb 2012) - [spyeye.zip]
Reveton.A collection - [reveton.zip]

Twitter - https://twitter.com/artem_i_baranov
VT - https://www.virustotal.com/user/rkhunter/
Blog - http://artemonsecurity.blogspot.com/
PGP key: 0x98FD48447049E43A