
ROOTKIT

Overview
• What is a Rootkit?
• Public
• Internal
• Key Takeaways
• Tip
What is a Rootkit?
• ROOT refers to root access / administrator access. The term
originated in the UNIX operating system and is also used in Android.
• KIT means a set of tools/programs.
• A ROOTKIT is software that gains administrative rights on your
computer without your knowledge or permission.
What is a Rootkit?
• It is the most dangerous type of malware because once an attacker
has successfully installed a rootkit, it conceals itself and mixes with
your endpoint's programs, down to the firmware level. Basically, it
can damage your PC's hardware.
• A very, very bad/unwanted program you must keep your PC away from.
What is a Rootkit?
• It can harm anyone's PC.
• It can be used to target the activities of high-profile or wealthy
individuals, or to monitor an organization's network through remote
access.
Public
• The rootkit's aim is to gain full/master control of your PC.
• It is able to access the Master Boot Record.
• It can even disguise itself as another unsuspicious program during
your antivirus's scan.
• It can disable the installation of any program, even your antivirus
program.
• First, the attacker establishes a way to reach your computer.
• After the rootkit program runs, it scans your social media accounts
to copy valuable credentials such as your email addresses and
passwords.
• How do you get infected with a rootkit?
- An attacker can install it once they've obtained root access
• Result of a direct attack on a system
• Exploited a known vulnerability
• Password cracking
• Social engineering
• Phishing with an embedded link
• Website enticement: games, adult websites or torrents
• Sample picture of rootkit malware
Internal
Rootkit Components
• Log cleaners
• File/process/user hiding tools
• Network sniffers
• Backdoor programs

—KNOW THIS— Rootkits are software that makes an operating system lie.
Modern rootkits can cloak:
• Processes
• Services
• TCP/IP ports
• Files
• Registry keys
• User accounts
Several major rootkit technologies
• User-mode API filtering
• Kernel-mode API filtering
• Kernel-mode data structure manipulation
• Process hijacking
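The hiding techniques listed above (filtering the APIs that enumerate processes, or unlinking a process from the kernel's own bookkeeping) all share one weakness a defender can use: the hidden object is still there, so two different ways of looking at the system disagree. The following Python script is an added example, not part of the slides, of that "cross-view" check for processes on Linux, the same idea tools such as unhide use. It compares the PIDs visible by listing /proc with the PIDs the kernel admits exist when probed with signal 0; the constructed sample views, the function names and the `runs` parameter are assumptions made for the example.

```python
import os


def hidden_entries(high_level_view, low_level_view):
    """Cross-view diff: IDs that the low-level view sees but the high-level
    (listing/API-based) view does not. A hooked enumeration API or a process
    unlinked from the task list shows up here as a discrepancy."""
    return sorted(set(low_level_view) - set(high_level_view))


def proc_listing_view():
    """High-level view on Linux: every PID and thread ID visible by listing
    /proc and /proc/<pid>/task. Thread IDs are included because kill(2)
    accepts them too; leaving them out would produce false positives."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        ids.add(pid)
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:
            pass  # the process exited between the two listings
    return ids


def pid_probe_view(pid_max=None):
    """Low-level view: send signal 0 to every candidate PID. Nothing is
    delivered; the kernel only reports whether the ID exists (ESRCH means
    it does not, EPERM means it exists but belongs to another user)."""
    if pid_max is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            pid_max = int(fh.read())
    live = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        live.add(pid)
    return live


def cross_view_check(runs=3):
    """Repeat the comparison and report only IDs hidden in every run, which
    filters out processes that merely started or exited between views."""
    persistent = None
    for _ in range(runs):
        found = set(hidden_entries(proc_listing_view(), pid_probe_view()))
        persistent = found if persistent is None else persistent & found
    return sorted(persistent)


# Constructed sample views standing in for a real host, so the comparison
# can be shown without a Linux system: PID 4321 answers the probe but is
# missing from the listing, which is the signature of a hidden process.
SAMPLE_LISTING = {1, 2, 100, 101, 2500}
SAMPLE_PROBE = {1, 2, 100, 101, 2500, 4321}

if __name__ == "__main__":
    print("hidden in sample views:", hidden_entries(SAMPLE_LISTING, SAMPLE_PROBE))
    if os.path.isdir("/proc"):
        print("hidden on this host:", cross_view_check())
```

Probing every PID up to pid_max (over four million on current kernels) takes a few seconds in Python, and a discrepancy is only a lead: confirm it with a second low-level source (a /proc/<pid> status read, or a kernel-level scanner) before treating it as an infection. A kernel-mode rootkit that also hooks the signal path can defeat this particular check, which is why the comparison is most useful alongside the offline tools mentioned later in the slides.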
Rootkit Goals
1. Remove the evidence of the original attack and activity that led to
rootkit installation.
2. Hide future attacker activity (files, network connections, processes)
and prevent it from being logged.
3. Enable future access to the system by the attacker.
4. Install tools to widen the scope of penetration.
5. Secure the system so other attackers can't take control of it from
the original hacker.
Classification of Rootkits
• User Mode example programs
  • Linux Rootkit 5 (lrk5)
  • T0rnKit for Linux, Solaris
  • Other platform-specific rootkits: SunOS, AIX, SCO, Solaris
• Kernel Mode example programs
  • Knark for Linux
  • Adore for Linux
  • Plasmoid's Solaris Kernel-Level Rootkit
  • Hacker Defender for Windows
Trend Micro Rootkit Buster for Home Users
• Hidden registry entries cleaning capability
• Detects the latest FU2 rootkit
• Supports hidden MBR cleanup for all disk types
• Supports the detection and cleanup of RTKT_NECURS
• Detection for malicious MBR modification
• Supports Windows 8.1
• Detection for system directory permission was removed
• Detection for malicious MBR modification
• Enhanced MBR and VBR detection and cleanup
• Supports TROJ_GEN.RCBC8GK (GETH)
• Fixes some BSOD and false positive issues

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105740.aspx
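The slides mention both that a rootkit can reach the Master Boot Record and that the vendor tool detects malicious MBR modification. The script below is an added example, not code from the slides or from Trend Micro's product, of the defender's side of that: parsing a raw 512-byte MBR sector into boot code, partition table and boot signature, then comparing the boot code against a hash recorded at a known-clean time. The sample sectors, the baseline hash and the helper names are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector):
    """Split a raw MBR sector into boot code hash, partition entries and
    signature check. Each entry is status, CHS start, type, CHS end,
    LBA start, sector count (little-endian)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = \
            struct.unpack_from("<B3sB3sII", sector, offset)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector, baseline_boot_code_sha256):
    """Return a list of findings; an empty list means the sector matches the
    known-good baseline and is structurally sane."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_mbr(boot_code, partitions):
    """Constructed test data, not a real disk image: assemble a sector from
    boot code bytes and (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_SIZE]
    sector[:len(code)] = code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into("<B3sB3sII", sector, PARTITION_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Known-good sector: NOP-filled boot code and one active NTFS-type partition.
BASELINE_MBR = build_sample_mbr(b"\x90" * BOOT_CODE_SIZE,
                                [(0x80, 0x07, 2048, 204800)])
BASELINE_HASH = parse_mbr(BASELINE_MBR)["boot_code_sha256"]

# Tampered copy: the start of the boot code has been altered while the
# partition table and signature are untouched, the pattern a malicious
# MBR modification leaves and a partition-table-only check would miss.
TAMPERED_MBR = b"\xeb\x3c\x90\x00" + BASELINE_MBR[4:]

if __name__ == "__main__":
    print("baseline:", check_mbr(BASELINE_MBR, BASELINE_HASH))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_HASH))
```

On a real Linux host the sector comes from `open("/dev/sda", "rb").read(512)` as root, with the baseline hash recorded when the machine was known to be clean. The caveat that motivates the "Clean Boot" toolkit on the next slide applies here: a kernel-mode rootkit that filters reads of the raw device can hand back a clean copy of the sector, so a check run from inside the infected OS is only trustworthy when it agrees with one run from clean boot media.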
Trend Micro Anti-Threat Toolkit with Clean Boot
• To remove Master Boot Record and rootkit infections

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1097554.aspx
Key Takeaways
• Rootkits are dangerous because they take total control of the
endpoint they infect.
• Rootkits can modify the victim machine to hide themselves, change
files and disrupt defenses.
• Rootkits play a major role in modern attacks by keeping the
attackers' activities hidden.
Tip
• Just be very careful and aware of what you are downloading and
installing on your computer.
THANK YOU VERY MUCH FOR READING!

Got Questions?
