http://opensecuritytraining.info/Rootkits.html
Assumes: Some Intro/Intermediate x86 & Life of Binaries knowledge (primarily assembly, interrupts, IAT)
Teaches: How stealth malware techniques work, and specific tools that reveal hidden malware attributes. Specifically we discuss Windows userspace and kernel malware using inline, IAT, IDT, SSDT, IRP hooks, as well as DKOM, KOH, and bootkits.