SlideShare a Scribd company logo

Rootkits

Download as PPTX, PDF
T
TharinduUdaraRanasin

Comprehensive details about Rootkits

Technology
1 of 9
Rootkits
What is a rootkit?  a collection of tools used by hackers to gain administrative privileges on compromised machines  used to help hide other forms of malware.
What does it do?  allows someone, either legitimate or malicious, to maintain command and control over a computer system, without the computer system user knowing about it.  owner of the rootkit can execute files and changing system configurations on the target machine.  Can access log files or monitor activity to covertly spy on the user's computer usage.  **There are legitimate uses for rootkits too.
How does it work?  rootkits are just one component of what is called a blended threat.  Blended threats typically consist of three snippets of code: 1. a dropper 2. loader 3. rootkit.  The dropper is the code that gets the rootkit's installation started.  Once initiated, the dropper launches the loader program and then deletes itself.  the loader causes a buffer overflow, which loads the rootkit into memory.
How blend threat get to your computer?  through social engineering  exploiting known vulnerabilities  even from brute forcing.
Types of rootkits  User-mode rootkits  run on a computer with administrative privileges.  This allows to alter security and hide processes, files, system drivers, network ports, and even system services.  These rootkits remain installed on the infected computer by copying required files to the computer's hard drive, automatically launching with every system boot.  **These rootkits will be detected by the anti-malware software.
 Kernel-mode rootkit  Will place the rootkit on the same level as the operating system and rootkit detection software.  OS can no longer be trusted.  One kernel-mode rootkit that's getting lots of attention is the Da IOS rootkit  **windows blue screen error might be caused by these rootkits.  User-mode/kernel-mode hybrid rootkit  A hybrid rootkit that combines user-mode characteristics (easy to use and stable) with kernel-mode characteristics (stealthy).  The hybrid approach is very successful and the most popular rootkit currently.
 Firmware rootkits  Can hide in firmware when the computer is shut down.  Restart the computer, and the rootkit reinstalls itself.  The altered firmware could be anything from microprocessor code to PCI expansion card firmware.  If a removal program remove these rootkits, the next time the computer starts, the firmware rootkit is there.  Virtual rootkits  They acts like a software implementation of hardware sets in a manner like that used by VMware.  virtual rootkits are almost invisible.  **The Blue Pill is one example of this type of rootkit.
How to detect it?  There are various ways to scan memory or file system areas or look for hooks into the system from rootkits.  By system monitoring.  It’s hard to detect rootkits.

Recommended

Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5AfiqEfendy Zaen
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 

Recommended

Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5AfiqEfendy Zaen
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Network security
Network securityNetwork security
Network securitySimranpreet Singh
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
Database security
Database securityDatabase security
Database securityMaryamAsghar9
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
DNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackDNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackFatima Qayyum
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Network Forensic
Network ForensicNetwork Forensic
Network ForensicSujeet Kumar
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkitNikhil Pandit
 
Presentation On Steganography
Presentation On SteganographyPresentation On Steganography
Presentation On SteganographyTeachMission
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacksTexas Medical Liability Trust
 
Keyloggers
KeyloggersKeyloggers
Keyloggersnovacharter
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network securityVikram Khanna
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptxIkramSabir4
 
Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.Anuj Khandelwal
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsTyler Shields
 

More Related Content

What's hot

Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
DNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackDNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackFatima Qayyum
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Presentation On Steganography
Presentation On SteganographyPresentation On Steganography
Presentation On SteganographyTeachMission
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network securityVikram Khanna
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptxIkramSabir4
 

What's hot (20)

Denial of service
Denial of serviceDenial of service
Denial of service
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hacking
 
Network security
Network securityNetwork security
Network security
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Database security
Database securityDatabase security
Database security
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
DNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackDNS spoofing/poisoning Attack
DNS spoofing/poisoning Attack
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Network Forensic
Network ForensicNetwork Forensic
Network Forensic
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 
Presentation On Steganography
Presentation On SteganographyPresentation On Steganography
Presentation On Steganography
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacks
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 

Similar to Rootkits

Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.Anuj Khandelwal
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsTyler Shields
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
Rootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise DetectionRootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise Detectionamiable_indian
 
A methodology to detect and characterize kernel level rootkit exploits involv...
A methodology to detect and characterize kernel level rootkit exploits involv...A methodology to detect and characterize kernel level rootkit exploits involv...
A methodology to detect and characterize kernel level rootkit exploits involv...UltraUploader
 
CarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowCarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowTyler Shields
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Security threats explained
Security threats explained Security threats explained
Security threats explained Abhijeet Karve
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.Yury Chemerkin
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec
 

Similar to Rootkits (20)

Research Paper on Rootkit.
Research Paper on Rootkit.Research Paper on Rootkit.
Research Paper on Rootkit.
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
 
D-Cipher
D-CipherD-Cipher
D-Cipher
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
Rootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise DetectionRootkit Hunting & Compromise Detection
Rootkit Hunting & Compromise Detection
 
A methodology to detect and characterize kernel level rootkit exploits involv...
A methodology to detect and characterize kernel level rootkit exploits involv...A methodology to detect and characterize kernel level rootkit exploits involv...
A methodology to detect and characterize kernel level rootkit exploits involv...
 
CarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowCarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and Now
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
O p
O pO p
O p
 
Introduction to Malwares
Introduction to MalwaresIntroduction to Malwares
Introduction to Malwares
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
It ppt new
It ppt newIt ppt new
It ppt new
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit Analysis
 
Mitppt
MitpptMitppt
Mitppt
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Rootkits

  • 2. What is a rootkit?  a collection of tools used by hackers to gain administrative privileges on compromised machines  used to help hide other forms of malware.
  • 3. What does it do?  allows someone, either legitimate or malicious, to maintain command and control over a computer system, without the computer system user knowing about it.  owner of the rootkit can execute files and changing system configurations on the target machine.  Can access log files or monitor activity to covertly spy on the user's computer usage.  **There are legitimate uses for rootkits too.
  • 4. How does it work?  rootkits are just one component of what is called a blended threat.  Blended threats typically consist of three snippets of code: 1. a dropper 2. loader 3. rootkit.  The dropper is the code that gets the rootkit's installation started.  Once initiated, the dropper launches the loader program and then deletes itself.  the loader causes a buffer overflow, which loads the rootkit into memory.
  • 5. How blend threat get to your computer?  through social engineering  exploiting known vulnerabilities  even from brute forcing.
  • 6. Types of rootkits  User-mode rootkits  run on a computer with administrative privileges.  This allows to alter security and hide processes, files, system drivers, network ports, and even system services.  These rootkits remain installed on the infected computer by copying required files to the computer's hard drive, automatically launching with every system boot.  **These rootkits will be detected by the anti-malware software.
  • 7.  Kernel-mode rootkit  Will place the rootkit on the same level as the operating system and rootkit detection software.  OS can no longer be trusted.  One kernel-mode rootkit that's getting lots of attention is the Da IOS rootkit  **windows blue screen error might be caused by these rootkits.  User-mode/kernel-mode hybrid rootkit  A hybrid rootkit that combines user-mode characteristics (easy to use and stable) with kernel-mode characteristics (stealthy).  The hybrid approach is very successful and the most popular rootkit currently.
  • 8.  Firmware rootkits  Can hide in firmware when the computer is shut down.  Restart the computer, and the rootkit reinstalls itself.  The altered firmware could be anything from microprocessor code to PCI expansion card firmware.  If a removal program remove these rootkits, the next time the computer starts, the firmware rootkit is there.  Virtual rootkits  They acts like a software implementation of hardware sets in a manner like that used by VMware.  virtual rootkits are almost invisible.  **The Blue Pill is one example of this type of rootkit.
  • 9. How to detect it?  There are various ways to scan memory or file system areas or look for hooks into the system from rootkits.  By system monitoring.  It’s hard to detect rootkits.