Hakin9 Extra – Rootkit 06/2011

November 14, 2011


Magazine Redaction
Hakin9 Extra Rootkit

Rootkits Hidden in Hardware of PC by Anibal Sacco
Let’s think like an attacker for a second. There are multiple applications dedicated to finding malicious code, both in user space and in kernel space. So new places have to be found to deploy your code while keeping it stealthy.
TDSS aka TDL – Chronology by Eugene Melnichenko
An attempt could have been made to reconcile the inconsistencies shown above; however, the rootkit uses several kernel threads to check if rootkit hooks are present and to restore them if required.
How to Write a Good Rootkit: a Different Approach by Valerio Lupi
You can hide your startup registry key (depending on how you autostart your DLL, which needs to be reinjected into EXPLORER.EXE at login time) by not creating the registry key at all, and doing that at shutdown only (catching the WM_QUERYENDSESSION/WM_ENDSESSION message in your rootkit core).
Detecting Security Intrusions: Kernel-mode Rootkits by Pablo Bravo
The proposed technique detects any software module (rootkit) which patches the System Service Descriptor Table or manipulates the process list in Windows systems in order to hide processes. The main idea is to gain execution when the code or data of the operating system is being patched.
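The two hiding techniques this article targets, SSDT patching and unlinking a process from the kernel's process list (DKOM), can be modelled outside the kernel. The block below is an added example, not code from the article: it builds a user-space stand-in for a service table and a circular process list (the names svc_table, proc_entry and pid_table are illustrative, not Windows kernel structures), installs a hook and an unlink the way a rootkit would, and then detects both. Note that the detection here polls by comparing a baseline copy and by cross-viewing two data structures; the article's approach of gaining execution at the moment of the patch is not reproduced.

```c
#include <stdio.h>

/* Hypothetical service descriptor table: an array of function pointers
 * indexed by service number, as the Windows SSDT is. */
#define N_SERVICES 4
typedef long (*svc_fn)(long);

static long svc_open(long a)  { return a + 1; }
static long svc_read(long a)  { return a + 2; }
static long svc_write(long a) { return a + 3; }
static long svc_query(long a) { return a + 4; }

/* Live table (what a rootkit patches) and a trusted baseline copy
 * assumed to have been taken at boot before third-party drivers load. */
static svc_fn svc_table[N_SERVICES]    = { svc_open, svc_read, svc_write, svc_query };
static svc_fn svc_baseline[N_SERVICES] = { svc_open, svc_read, svc_write, svc_query };

/* A filtering hook: calls the original, then hides the low bit of the result. */
static long hooked_query(long a) { return svc_query(a) & ~1L; }

void install_ssdt_hook(int idx) { svc_table[idx] = hooked_query; }

/* Return a bitmask of table entries that no longer match the baseline. */
unsigned check_ssdt(void) {
    unsigned mask = 0;
    for (int i = 0; i < N_SERVICES; i++)
        if (svc_table[i] != svc_baseline[i]) mask |= 1u << i;
    return mask;
}

/* Put patched entries back from the baseline; returns how many were fixed. */
int restore_ssdt(void) {
    int fixed = 0;
    for (int i = 0; i < N_SERVICES; i++)
        if (svc_table[i] != svc_baseline[i]) { svc_table[i] = svc_baseline[i]; fixed++; }
    return fixed;
}

/* Process list: a circular doubly linked list (like EPROCESS.ActiveProcessLinks)
 * plus an independent index (like the PID handle table) used as a second view. */
typedef struct proc_entry { int pid; struct proc_entry *flink, *blink; } proc_entry;

#define N_PROCS 5
static proc_entry procs[N_PROCS];
static proc_entry list_head;
static proc_entry *pid_table[N_PROCS];

void init_process_list(void) {
    list_head.flink = list_head.blink = &list_head;
    for (int i = 0; i < N_PROCS; i++) {
        procs[i].pid = 100 + i;
        procs[i].flink = &list_head;
        procs[i].blink = list_head.blink;
        list_head.blink->flink = &procs[i];
        list_head.blink = &procs[i];
        pid_table[i] = &procs[i];          /* second view is not touched by the unlink */
    }
}

/* DKOM: unlink a process from the list; it stays schedulable but is no longer
 * reported by anything that walks ActiveProcessLinks. */
void dkom_hide(int pid) {
    for (proc_entry *p = list_head.flink; p != &list_head; p = p->flink)
        if (p->pid == pid) { p->blink->flink = p->flink; p->flink->blink = p->blink; return; }
}

/* Cross-view check: every entry in the index must be reachable by walking the list.
 * Returns the first hidden pid, or -1 if the two views agree. */
int find_hidden_pid(void) {
    for (int i = 0; i < N_PROCS; i++) {
        int seen = 0;
        for (proc_entry *p = list_head.flink; p != &list_head; p = p->flink)
            if (p == pid_table[i]) { seen = 1; break; }
        if (!seen) return pid_table[i]->pid;
    }
    return -1;
}

int main(void) {
    install_ssdt_hook(3);
    printf("patched entries mask: 0x%x\n", check_ssdt());
    printf("restored %d entries, mask now 0x%x\n", restore_ssdt(), check_ssdt());
    init_process_list();
    dkom_hide(102);
    printf("hidden pid: %d\n", find_hidden_pid());
    return 0;
}
```

The baseline comparison only works if the baseline itself was captured before the rootkit loaded and is stored where the rootkit cannot reach it; the cross-view check works because a DKOM unlink has to leave the process in the scheduler's and handle table's view to keep it running.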
Strong Approach to Hardware-VM Rootkits Detection by Igor Korkin
A Trusted Platform Module (TPM) application cannot save the situation, as the VMM can emulate the TPM. The fact that a malware VMM can be loaded from the BIOS and survive BIOS program updates aggravates the situation.
The Darkness of Social Exploitation by Rakesh Sharma
The biggest cyber threat is people not understanding the value of information. It might sound simplistic, but that is really all it is. There is a darkness in everyone; the people who understand the power of information know exactly how dangerous it can be when put to misuse.
Basic Facebook Privacy Breaches by Jose Ignacio Orlicki
Besides native privacy issues, as with any web page, FB has been a target of cross-site scripting (XSS), SQL injection, phishing and any attack imaginable for the web vector. Most of the vulnerabilities are available not directly through FB but through the FB platform.
Analysis of ‘IM’ Spreading Techniques by Joseph Foulds
There should be greater pressure on instant messaging service providers to develop prevention systems to ensure that their services are not abused in order to facilitate the spread of malware. Although some malware samples do have primitive or even moderately advanced IM spreading techniques, we are yet to see any samples ‘in the wild’.


Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa