Can you give a hacker your hardware and still trust that computer later? Yes - and here's how.

Imagine that malware with root-level privileges has been found on a machine that you manage. You might immediately re-image the affected machine, but can you be certain that the attacker's modifications haven't persisted in low-level firmware or via a malicious kernel-mode driver? This article explains modern and antiquated protections which attempt to prevent attackers who have already achieved root-level access from persisting via kernel-mode drivers or firmware implants. In what follows, I'll describe a series of test steps which allow security engineers to determine what attack vectors are available to an attacker who is looking to persist their root-level privileges beyond the capabilities provided by user-mode exploits. Much of the information comes from the excellent Rootkits and Bootkits book.