A few years ago, kernel malware consisted of simple pieces of code whose purpose was to perform a specific task on behalf of the main malware component. These components were most often used as rootkits to hide files, registry entries and network connections belonging to the main payload. They were not packed or obfuscated, and their analysis was easy if the analyst was familiar with kernel-mode code and tools. Since then, things have changed. Full-kernel malware has now entered the scene, and this presentation will go through some of the most important developments that have had a big impact on the evolution of kernel malware.