Rootkits Jonathan Hobbs.

Slides:



Advertisements
Similar presentations
Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Advertisements

COEN 250 Computer Forensics Unix System Life Response.
Backdoors, Trojans and Rootkits CIS 413 This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited.
Lesson 3-Hacker Techniques
Operating System Security : David Phillips A Study of Windows Rootkits.
How an attacker can maintain control over their victim’s system without being discovered.
Lesson 6 Basics of Incident Response. UTSA IS 6353 Security Incident Response Overview Hacker Lexicon Incident Response.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Windows Security and Rootkits Mike Willard January 2007.
電腦攻擊與防禦 The Attack and Defense of Computers Dr. 許 富 皓.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Jai, 2004 Incident Response & Computer Forensics Chapter 6 Live Data Collection from Unix Systems Information Networking Security and Assurance Lab National.
ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.
Information Networking Security and Assurance Lab National Chung Cheng University Live Data Collection from Unix Systems.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Copyright John “Four” Flynn This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Linux Networking and Security Chapter 11 Network Security Fundamentals.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Rootkits. EC-Council The Problem  Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or.
Vijay Krishnan Avinesh Dupat. A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators.
1 CSCD 434 Winter 2013 Lecture 10 Attacks and More Attacks Root kits.
CIS 450 – Network Security Chapter 15 – Preserving Access.
Rootkits in Windows XP  What they are and how they work.
1.2 Security. Computer security is a branch of technology known as information security, it is applied to computers and networks. It is used to protect.
Module 8 – What's Next?  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration.
Monnappa KA  Info Security Cisco  Member of SecurityXploded  Reverse Engineering, Malware Analysis, Memory Forensics 
Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002.
LINUX ROOTKITS Chirk Chu Chief Security Officer University of Alaska Statewide System Information Technology Services.
BlackHat Windows Security 2004 Data Hiding on a Live System by Harlan Carvey
Mathieu Castets October 17th,  What is a rootkit?  History  Uses  Types  Detection  Removal  References 2/11.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Cracking Techniques Onno W. Purbo
Hidden Processes: The Implication for Intrusion Detection
Rootkits What are they? What do they do? Where do they come from?
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
Instructor: Dr. Harold C. Grossman Student: Subhra S. Sarkar
Rootkits, Backdoors, and Trojans ECE 4112 – Lab 5 Summary – Spring 2006 Group 9 Greg Sheridan Terry Harvey Group 10 Matthew Bowman Laura Silaghi Michael.
COEN 250 Computer Forensics Unix System Life Response.
BACKDOORS By: Himie Freeman, Joey Adkins, Kennedy Williams, and Erin Bethke.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
Understand Malware LESSON Security Fundamentals.
Types of Malware © 2014 Project Lead The Way, Inc.Computer Science and Software Engineering.
VMM Based Rootkit Detection on Android
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
Rootkits Jonathan Barella Chad Petersen. Overview What are rootkits How do rootkits work How to detect rootkits How to remove rootkits.
Lecture 8 Rootkits Hoglund/Butler (Chapter 7-8). Avoiding detection Two ways rootkits can avoid detection –Modify execution path of operating system to.
Koustav Sadhukhan, Rao Arvind Mallari and Tarun Yadav DRDO, Ministry of Defense, INDIA Cyber Attack Thread: A Control-flow Based Approach to Deconstruct.
CompTIA Security+ Study Guide (SY0-401) Chapter 9: Malware, Vulnerabilities, and Threats.
Computer safety Filip Hruby.
Topic 5 Penetration Testing 滲透測試
Seminar On Ethical Hacking Submitted To: Submitted By:
Malware Creators Are Quite Clever, You Know...
Onno W. Purbo Cracking Techniques Onno W. Purbo
Rootkit A rootkit is a set of tools which take the ability to access a computer or computer network at administrator level. Generally, hackers install.
Hidden Processes: The Implication for Intrusion Detection
I have edited and added material.
Chapter 2: System Structures
Metasploit Analysis Report Overview
Malicious Software Network security Master:Mr jangjou
Operating System Security
The Effects of Jailbreaking on iPhone Security
Authorization and Identity
Attacks and More Attacks
Presentation transcript:

Rootkits Jonathan Hobbs

What is a rootkit? A tool set installed to grant a user root access First modern rootkits emerged in the mid 1990s Before rootkits there were log cleaners

Goal of a Rootkit Maintain access Execute malware Remain hidden

Types of Rootkits Binary rootkits Kernel- and User-level rootkits Remote & local access Hide processes, connections, files, and user activity Kernel- and User-level rootkits Loadable Kernel Module Firmware rootkits

Installation Rootkit installation can be achieved in two ways Trojan Horse Root or administrator level access Local or remote UNIX rootkit installation process (LKM backdoor example) Disable shell history Setup directory structure for rootkit Freeze system logs Deploy backdoor

Architecture Scanner Scans for vulnerable systems Installer Payload

Payloads Back doors Packet sniffers Log and file wipers Denial of service

Detection Evasion & System Manipulation Techniques include Masquerading Hooking Direct Kernel Object Manipulation (DKOM)

Hooking and Masquerading Rootkit payload pretending to be normal programs’ Windows: using the System Service Dispatch Table (SSDT) https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1588822

DKOM Windows EPROCESS Connected by double-linked lists Rootkit processes hidden by unlinking themselves from the list https://www.symantec.com/avcenter/reference/when.malware.meets.rootkits.pdf

Summary Rootkits have effectively compromised systems by manipulating the core operating system processes Different types of rootkits exist which compromise the system at different levels Rootkits require administrator access to a system for installation and execution

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.