SlideShare uma empresa Scribd logo

Rootkit Hunting & Compromise Detection

A
amiable_indian

Joanna Rutkowska

Tecnologia
1 de 49
Rootkit Hunting vs. Compromise Detection Joanna Rutkowska invisiblethings.org Black Hat Federal 2006, Washington D.C., January 25 th 2006.
What this talk is going to be about? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Simple definitions… ,[object Object],[object Object],[object Object],[object Object],[object Object]
Different approaches to Compromise Detection… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What do we really need? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Surviving the reboot? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Theoretical Scary Scenario…
Network infected 1 2 3 4
Client re-infection 1 2
Digression: Passive Covert Channels ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Surviving the reboot… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
File infectors ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What about hiding other stuff? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Hidden Processes? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hidden Win32 Services? ,[object Object],[object Object]
Hidden Sockets? ,[object Object],[object Object],[object Object],[object Object]
Hidden modules (kernel and DLLs)? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hidden kernel filters? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Stealth malware without rootkits ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DEMO: Pretty Stealthy Backdoor ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Things which can be subverted ,[object Object],[object Object],[object Object],[object Object],BIOS flash, ? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],CPU registers: Debug Registers, Some MSRs, ? volatile persistent
Things which can be subverted… ,[object Object],[object Object],[object Object]
Interaction with OS infrastructure Pretty Stealth Backdoor The only interaction between the backdoor and OS! Just few DWORDs! DATA CODE
Lessons learned ,[object Object],[object Object],[object Object]
Malware classification proposal ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Type I Malware examples ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Fighting Type I malware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Patch Guard ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Patch Guard ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
System Virginity Verifier Idea ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extending SVV – SVV 2.2 ,[object Object],[object Object],[object Object],[object Object],[object Object]
DEMO: Fighting Type I Malware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Type II Malware examples ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Fighting Type II Malware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DEMO: Type II Malware Detection ,[object Object],[object Object]
Type II Malware Detection cont. ,[object Object],[object Object],[object Object],[object Object]
Memory Reading Problem (MRP) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MRP cont. ,[object Object],[object Object],[object Object],[object Object],[object Object]
MRP – what Microsoft can do? ,[object Object],[object Object],[object Object],[object Object]
Stealth by Design vs. Type II Malware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Stealth by Design vs. Type II Malware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
File infectors… ,[object Object],[object Object]
Stealth by Design vs. Type II Malware ,[object Object],[object Object],X-VIEW useless. ECD may be difficult. Network based detection may be easier? X-VIEW useless. ECD easy and effective. Stealth By Design ECD may be difficult X-VIEW easier and more effective. ECD easy and effective. X-VIEW works well too. Classic Rootkit Technology Type II Malware Type I Malware
DEMO: Pretty Stealthy Backdoor Again ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Challenge ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Challenge ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What OS vendors can do? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Losers and Winners ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thank you for your time!

Recomendados

Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookheyamiable_indian
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoConferencias FIST
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Ch0 1
Ch0 1Ch0 1
Ch0 1TylerDerdun
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysissecurityxploded
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 

Recomendados

Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookheyamiable_indian
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoConferencias FIST
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Ch0 1
Ch0 1Ch0 1
Ch0 1TylerDerdun
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysissecurityxploded
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment isc2-hellenic
 
aleph - Malware analysis pipelining for the masses
aleph - Malware analysis pipelining for the massesaleph - Malware analysis pipelining for the masses
aleph - Malware analysis pipelining for the massesJan Seidl
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Automated defense from rootkit attacks
Automated defense from rootkit attacksAutomated defense from rootkit attacks
Automated defense from rootkit attacksUltraUploader
 
Metasploit
MetasploitMetasploit
MetasploitLalith Sai
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationzeroSteiner
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsAnalysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsRahul Mohandas
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Ken Belva
 
Malware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersMalware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersTazdrumm3r
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxRahul Mohandas
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framworkDeepanshu Gajbhiye
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...CODE BLUE
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012Rian Yulian
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsDefconRussia
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploitAashish R
 
Metaploit
MetaploitMetaploit
MetaploitAjinkya Pathak
 
Executive Insights - Whiteboarding on Purpose
Executive Insights - Whiteboarding on PurposeExecutive Insights - Whiteboarding on Purpose
Executive Insights - Whiteboarding on PurposeCorporate Visions
 
Key logger,Why? and How to prevent Them?
Key logger,Why? and How to prevent Them?Key logger,Why? and How to prevent Them?
Key logger,Why? and How to prevent Them?Bibek Sharma
 

Mais conteúdo relacionado

Mais procurados

Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment isc2-hellenic
 
aleph - Malware analysis pipelining for the masses
aleph - Malware analysis pipelining for the massesaleph - Malware analysis pipelining for the masses
aleph - Malware analysis pipelining for the massesJan Seidl
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Automated defense from rootkit attacks
Automated defense from rootkit attacksAutomated defense from rootkit attacks
Automated defense from rootkit attacksUltraUploader
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationzeroSteiner
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsAnalysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsRahul Mohandas
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Ken Belva
 
Malware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersMalware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersTazdrumm3r
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxRahul Mohandas
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...CODE BLUE
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012Rian Yulian
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsDefconRussia
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploitAashish R
 

Mais procurados (20)

Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
 
aleph - Malware analysis pipelining for the masses
aleph - Malware analysis pipelining for the massesaleph - Malware analysis pipelining for the masses
aleph - Malware analysis pipelining for the masses
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
Automated defense from rootkit attacks
Automated defense from rootkit attacksAutomated defense from rootkit attacks
Automated defense from rootkit attacks
 
Metasploit
MetasploitMetasploit
Metasploit
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel Exploitation
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
 
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsAnalysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware Kits
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)Introducing IoT Crusher (Open Source Version)
Introducing IoT Crusher (Open Source Version)
 
Malware analysis - What to learn from your invaders
Malware analysis - What to learn from your invadersMalware analysis - What to learn from your invaders
Malware analysis - What to learn from your invaders
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in Sandbox
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensics
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
 
Metaploit
MetaploitMetaploit
Metaploit
 

Destaque

Executive Insights - Whiteboarding on Purpose
Executive Insights - Whiteboarding on PurposeExecutive Insights - Whiteboarding on Purpose
Executive Insights - Whiteboarding on PurposeCorporate Visions
 
Key logger,Why? and How to prevent Them?
Key logger,Why? and How to prevent Them?Key logger,Why? and How to prevent Them?
Key logger,Why? and How to prevent Them?Bibek Sharma
 
Rootkit 102 - Kernel-Based Rootkit
Rootkit 102 - Kernel-Based RootkitRootkit 102 - Kernel-Based Rootkit
Rootkit 102 - Kernel-Based RootkitChia-Hao Tsai
 
Cyber Surveillance - Honors English 1 Presentation
Cyber Surveillance - Honors English 1 PresentationCyber Surveillance - Honors English 1 Presentation
Cyber Surveillance - Honors English 1 Presentationaxnv
 

Destaque (7)

Executive Insights - Whiteboarding on Purpose
Executive Insights - Whiteboarding on PurposeExecutive Insights - Whiteboarding on Purpose
Executive Insights - Whiteboarding on Purpose
 
Key logger,Why? and How to prevent Them?
Key logger,Why? and How to prevent Them?Key logger,Why? and How to prevent Them?
Key logger,Why? and How to prevent Them?
 
Malware
MalwareMalware
Malware
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
 
Rootkit 102 - Kernel-Based Rootkit
Rootkit 102 - Kernel-Based RootkitRootkit 102 - Kernel-Based Rootkit
Rootkit 102 - Kernel-Based Rootkit
 
GARIN MONO DE MIERDA
GARIN MONO DE MIERDAGARIN MONO DE MIERDA
GARIN MONO DE MIERDA
 
Cyber Surveillance - Honors English 1 Presentation
Cyber Surveillance - Honors English 1 PresentationCyber Surveillance - Honors English 1 Presentation
Cyber Surveillance - Honors English 1 Presentation
 

Semelhante a Rootkit Hunting & Compromise Detection

HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Joanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista KernelJoanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista Kernelguestf1a032
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control AddressAngie Lee
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
File inflection techniques
File inflection techniquesFile inflection techniques
File inflection techniquesSandun Perera
 
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand..."Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...eLiberatica
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsJan Seidl
 
CarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowCarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowTyler Shields
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HIDNikhil Mittal
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid usCsaba Fitzl
 
Malware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdf
Malware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdfMalware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdf
Malware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdfAbhijit Mohanta
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Informative news about an anti virus progra1
Informative news about an anti virus progra1Informative news about an anti virus progra1
Informative news about an anti virus progra1delta1call
 

Semelhante a Rootkit Hunting & Compromise Detection (20)

Understand study
Understand studyUnderstand study
Understand study
 
Cutting out Malware
Cutting out MalwareCutting out Malware
Cutting out Malware
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
 
Rootkits
RootkitsRootkits
Rootkits
 
Joanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista KernelJoanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista Kernel
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
 
D-Cipher
D-CipherD-Cipher
D-Cipher
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
File inflection techniques
File inflection techniquesFile inflection techniques
File inflection techniques
 
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand..."Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
 
App locker
App lockerApp locker
App locker
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutions
 
CarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowCarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and Now
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HID
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid us
 
Malware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdf
Malware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdfMalware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdf
Malware-Reverse-Engineering-BeginnerToAdvanced-By-Abhijit-Mohanta-1.pdf
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Informative news about an anti virus progra1
Informative news about an anti virus progra1Informative news about an anti virus progra1
Informative news about an anti virus progra1
 

Mais de amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commonsamiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentestersamiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyamiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Codingamiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissectedamiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunityamiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentationamiable_indian
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization amiable_indian
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Timeamiable_indian
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics? amiable_indian
 

Mais de amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Último (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Rootkit Hunting & Compromise Detection