Rootkits Jonathan Barella Chad Petersen. Overview What are rootkits How do rootkits work How to...

Date posted: 20-Jan-2018
Description: What is a Rootkit, and how does it work (Jonathan Barella)

Finding And Removing Rootkits
Jonathan Barella
What are rootkits?
A rootkit is a small, sophisticated piece of support software that enables malicious software to run on a compromised computer.
Commonly associated with spies because of the goals they share.
Used in almost every modern piece of malware in the wild today
What are rootkits?
Broadly defined by Symantec as “any software that acquires and maintains privileged access to the Operating System (OS) while hiding its presence by subverting normal OS behavior”
Designed with three main objectives
Run
Hide
Act
Vulnerabilities
How do rootkits work?
This is the ultimate goal: to be hidden from the system's view.
Finding And Removing Rootkits
Signature Based Detection
Diff Based Detection
Cons
Does not work well if the scan is run on the infected system.
Must have the knowledge to decipher flagged programs.
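The two detection approaches named above (signature-based and diff-based), as an added example that is not part of the original slides. It hashes a constructed in-memory "filesystem" rather than real files, and the baseline and bad-hash list are constructed placeholders; as the cons note, the baseline must be captured from a clean system and the current snapshot should be taken from a trusted view (e.g. booted from clean media), because an active rootkit can lie about file contents.

```python
import hashlib
from typing import Dict, List

# Constructed stand-in for a filesystem: path -> file bytes.
# KNOWN_GOOD is the clean baseline; CURRENT is the later, suspect state.
KNOWN_GOOD: Dict[str, bytes] = {
    "/bin/ls": b"ls v1 trusted binary",
    "/bin/ps": b"ps v1 trusted binary",
    "/lib/libc.so": b"libc trusted",
}
CURRENT: Dict[str, bytes] = {
    "/bin/ls": b"ls v1 trusted binary",
    "/bin/ps": b"ps v1 trojaned binary",    # modified in place (constructed)
    "/lib/libc.so": b"libc trusted",
    "/lib/.hidden.so": b"injected helper",  # new file absent from baseline (constructed)
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def snapshot(files: Dict[str, bytes]) -> Dict[str, str]:
    """Build an integrity baseline: path -> SHA-256 of contents."""
    return {path: sha256(data) for path, data in files.items()}


def diff_detect(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff-based detection: report what changed relative to the trusted baseline.
    Every flagged path still needs a human to decide whether it is legitimate."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


# Signature-based detection: a list of hashes of known-bad samples.
# Constructed placeholder signature, not a real indicator.
BAD_SIGNATURES: Dict[str, str] = {sha256(b"ps v1 trojaned binary"): "example-trojaned-ps"}


def signature_detect(current: Dict[str, str], signatures: Dict[str, str]) -> Dict[str, str]:
    """Flag any file whose hash matches a known-bad signature."""
    return {path: signatures[h] for path, h in current.items() if h in signatures}


if __name__ == "__main__":
    now = snapshot(CURRENT)
    print("diff:", diff_detect(snapshot(KNOWN_GOOD), now))
    print("signatures:", signature_detect(now, BAD_SIGNATURES))
```

The diff finds the new hidden file even without a signature for it, while the signature check only catches the sample it already knows; a rootkit that filters directory listings on the infected host would hide the new file from both, which is why the scan belongs on a clean view.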
Be Vigilant
Lastly, the user can sometimes tell when something is amiss:
Network traffic spike
Large decrease in performance
Rootkits can infect user files, kernel files, the boot loader, a hypervisor, and hardware firmware.
Steps Once Identified