|
|
|
|
|
|
by loeg
4882 days ago
|
|
|
Cool, I learned something. I guess the boot partition is likely to be inactive, and with a ffs-derived file system you can simply overwrite some file in place with your own functionality. E.g., replace some unused driver code with your rootkit, which loads itself on probe. |
|
|