Framework Rootkits

As part of extensive research into rootkits, a number of tools and cases were developed to demonstrate the changes that can be made at runtime to systems that run on a managed framework. The research was performed on a number of common platforms, such as .NET and Java, but the same methods apply generically to other systems as well. As part of the project, lectures and demonstrations were given, and a book titled Managed Code Rootkits was written on the subject. The book contains examples of both uses of the technique: the security faults it enables, and its defensive use in information security, where a rootkit for the framework hardens the running software at runtime.


ReFrameworker is a general-purpose framework modifier, used to reconstruct framework runtimes by creating modified versions of the original implementation provided by the framework vendor.

.Net-Frameworker-Rootkits enables application-level rootkit attacks on managed code environments, allowing an attacker to change the .NET language runtime implementation and to hide malicious code inside its core. The focus here is on the .NET Framework, but the concepts are general.

Java Rootkits enables application-level rootkit attacks on Java JVM environments, allowing an attacker to change the language runtime implementation and to hide malicious code inside its core.
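All three tools share one property from a defender's point of view: the tampering lives in the runtime's own binaries (the framework assemblies or JVM class libraries), which are rarely re-verified after installation. The following added example, which is not part of the project or the book, shows the basic integrity check that catches such a modified runtime: build a SHA-256 manifest of the runtime's binaries from a known-good install, store it off-host, and later diff the live install against it. The demo uses a constructed temporary directory with fake file names standing in for a runtime directory; the paths and contents are assumptions, not real .NET or JVM files.

```python
import hashlib
import tempfile
from pathlib import Path

# Binary types worth tracking in a managed runtime directory (assumption:
# .dll for .NET framework assemblies, .jar for JVM class libraries).
RUNTIME_SUFFIXES = (".dll", ".jar")


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large runtime binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path, suffixes=RUNTIME_SUFFIXES) -> dict:
    """Map each runtime binary (relative path) under root to its SHA-256.

    Run this once against a freshly installed, vendor-provided runtime and
    keep the result somewhere the runtime itself cannot touch.
    """
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def diff_against_baseline(root: Path, baseline: dict, suffixes=RUNTIME_SUFFIXES) -> dict:
    """Compare the live runtime directory with the stored baseline.

    A replaced core assembly shows up as 'modified'; a dropped-in helper
    assembly as 'added'; a deleted original as 'missing'.
    """
    current = build_baseline(root, suffixes)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: a fake runtime directory, baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for runtime binaries (not real framework files).
        (root / "mscorlib.dll").write_bytes(b"original runtime bytes")
        (root / "System.dll").write_bytes(b"original system bytes")
        (root / "readme.txt").write_bytes(b"ignored: not a runtime binary")
        baseline = build_baseline(root)

        # Simulate a rebuilt core assembly replacing the vendor one, plus an
        # extra assembly dropped into the runtime directory.
        (root / "mscorlib.dll").write_bytes(b"tampered runtime bytes")
        (root / "Injected.dll").write_bytes(b"new assembly")

        return diff_against_baseline(root, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two caveats apply to any such check. First, the comparison must run from a trusted environment (a separate host, boot media, or at least a checker that is not itself loaded by the runtime under inspection), because a modified runtime can lie to code executing on top of it. Second, a hash manifest only detects on-disk replacement; vendor signatures on the binaries (strong-name or Authenticode for .NET, signed jars for Java) are a complementary check, since a rebuilt assembly will not carry a valid vendor signature.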