Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rootkits Jonathan Hobbs.

Published byLucienne Malo Modified over 6 years ago

Similar presentations

Presentation on theme: "Rootkits Jonathan Hobbs."— Presentation transcript:

1 Rootkits Jonathan Hobbs

2 What is a rootkit? A tool set installed to grant a user root access
First modern rootkits emerged in the mid 1990s Before rootkits there were log cleaners

3 Goal of a Rootkit Maintain access Execute malware Remain hidden

4 Types of Rootkits Binary rootkits Kernel- and User-level rootkits
Remote & local access Hide processes, connections, files, and user activity Kernel- and User-level rootkits Loadable Kernel Module Firmware rootkits

5 Installation Rootkit installation can be achieved in two ways
Trojan Horse Root or administrator level access Local or remote UNIX rootkit installation process (LKM backdoor example) Disable shell history Setup directory structure for rootkit Freeze system logs Deploy backdoor

6 Architecture Scanner Scans for vulnerable systems Installer Payload

7 Payloads Back doors Packet sniffers Log and file wipers
Denial of service

8 Detection Evasion & System Manipulation
Techniques include Masquerading Hooking Direct Kernel Object Manipulation (DKOM)

9 Hooking and Masquerading
Rootkit payload pretending to be normal programs’ Windows: using the System Service Dispatch Table (SSDT)

10 DKOM Windows EPROCESS Connected by double-linked lists
Rootkit processes hidden by unlinking themselves from the list

11 Summary Rootkits have effectively compromised systems by manipulating the core operating system processes Different types of rootkits exist which compromise the system at different levels Rootkits require administrator access to a system for installation and execution

12 Questions?

Download ppt "Rootkits Jonathan Hobbs."

Similar presentations

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
COEN 250 Computer Forensics Unix System Life Response.

COEN 250 Computer Forensics Unix System Life Response.
Backdoors, Trojans and Rootkits CIS 413 This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited.

Backdoors, Trojans and Rootkits CIS 413 This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited.
Lesson 3-Hacker Techniques

Lesson 3-Hacker Techniques
Operating System Security : David Phillips A Study of Windows Rootkits.

Operating System Security : David Phillips A Study of Windows Rootkits.
How an attacker can maintain control over their victim’s system without being discovered.

How an attacker can maintain control over their victim’s system without being discovered.
Lesson 6 Basics of Incident Response. UTSA IS 6353 Security Incident Response Overview Hacker Lexicon Incident Response.

Lesson 6 Basics of Incident Response. UTSA IS 6353 Security Incident Response Overview Hacker Lexicon Incident Response.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Windows Security and Rootkits Mike Willard January 2007.

Windows Security and Rootkits Mike Willard January 2007.
電腦攻擊與防禦 The Attack and Defense of Computers Dr. 許 富 皓.

電腦攻擊與防禦 The Attack and Defense of Computers Dr. 許 富 皓.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Jai, 2004 Incident Response & Computer Forensics Chapter 6 Live Data Collection from Unix Systems Information Networking Security and Assurance Lab National.

Jai, 2004 Incident Response & Computer Forensics Chapter 6 Live Data Collection from Unix Systems Information Networking Security and Assurance Lab National.
ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.

ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.
Information Networking Security and Assurance Lab National Chung Cheng University Live Data Collection from Unix Systems.

Information Networking Security and Assurance Lab National Chung Cheng University Live Data Collection from Unix Systems.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Copyright John “Four” Flynn 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright John “Four” Flynn This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

Similar presentations

Ads by Google