Aleksander Czarnowski of AVET has written a technical overview of using rootkits for penetration (pen) testing:
Some parts of rootkit technology can be used to understand system security better and to strengthen systems against future attack – not only on a configuration level, but also on kernel and compiler levels.
Link here.
Alex Eckelberry