0

HAKIN9 EXTRA – ROOTKIT 06/2011

Download
File
Hakin9-Extra-6_2011_EN.pdf
Please login or Register to access downloadables
Download

Rootkits Hidden in Hardware of PC by Anibal Sacco
Let’s think like an attacker for a second. There are multiple applications dedicated to find malicious code both in user and in kernel space. So new places have to be found to deploy your code while keeping it stealthy.

TDSS aka TDL – Chronology by Eugene Melnichenko
An attempt could have been made to reconcile the inconsistencies shown above; however, the rootkit uses several kernel threads to check if rootkit hooks are present and to restore them if required.

How to Write a Good Rootkit: a Different Approach by Valerio Lupi
You can hide your startup registry key (depending on how do you autostart your DLL which needs to be reinjected in EXPLORER.EXE at login time) by not creating the registry key at all, and doing that at shutdown only (catching the WM_QUERYENDSESSION/WM_ENDSESSION message in your rootkit core).

Detecting Security Intrusions: Kernel-mode Rootkits by Pablo Bravo
The proposed technique detects any software module (rootkit) which patches the System Service Description Table or manipulates the process list in Windows systems in order to hide processes. The main idea is to gain execution when the code or data of the operating system is being patched.

Strong Approach to Hardware-VM Rootkits Detection by Igor Korkin
Trusted platform module (TPM) application cannot save the situation as the VMM can emulate TPM. The fact that a malware VMM can be loaded from BIOS and survive program updates of the BIOS, aggravates the situation.

The Darkness of Social Exploitation by Rakesh Sharma
The biggest cyber threat is people not understanding the value of information. It might sound simplistic but that is really all it is. There is a darkness in everyone, the people who understand the power of information, know exactly how dangerous it can be when put to misuse.

Basic Facebook Privacy Breeches by Jose Ignacio Orlicki
Besides native privacy issues, as any web page FB has been a target of cross-site scripting (XSS), SQL code injection, phishing and any attack imaginable for the web vector. Most of the vulnerabilities are available not directly through FB but through the FB platform.

Analysis of ‘IM’ Spreading Techniques by Joseph Foulds
There should be greater pressure for instant message service providers to develop prevention systems to ensure that their services are not abused in order to facilitate the spread of malware. Although some malware samples do have primitive or even moderately advanced IM spreading techniques, we are yet to see any samples ‘in the wild’.


Download
File
Hakin9-Extra-6_2011_EN.pdf
Please login or Register to access downloadables
Download

April 19, 2022
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Get unlimited access

Become an Instructor

Become a Reviewer

Writing on Hakin9

LOOKING for a JOB in IT security?



© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
Please review your information and consent to the processing of your personal data.(Required)
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?
Please review your information and consent to the processing of your personal data.(Required)

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.