The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
Threat Post

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft. The vulnerabilities addressed in this month’s Patch Tuesday ...
Linux Journal

Kernel Korner - Kernel Mode Linux for AMD64

Kernel Mode Linux (KML) is a technology that enables the execution of user processes in kernel mode. I described the basic concept and the implementation techniques of KML on IA-32 architecture in my ...
InfoWorld

Programming the Windows kernel with eBPF

Much of modern operating system functionality happens in and around the kernel. That’s a problem when you’re implementing monitoring and observability tools or adding low-level security tools because ...