Rootkit? How To Build It
Hanafi Ali Jan, ST, C|EH
Security Analyst #HaNJiaN
Rootkit
Rootkit = Super Malware
Rootkit = Super Polymorph
Rootkit = Super Stealth Process
Rootkit = Driver for ALL Platforms
How To Build?
• Asm = Master of “Security”
• C = Semi Core & Basic Language for it
• C# = Controller for it
Rootkit Power
• Polymorph
• Double Self
• Stealth Process
• Hiding Access
• Keylogging
• Installing Considerations
• Ghost Tracker
• E-mail Reporting
• Filter Drivers
• User Hooks
• Kernel Hooks
• Control Processing
Kernel Rootkits by Platform
Knark (Linux)
Adore (Linux)
Plasmoid’s Solaris Loadable (Solaris)
Windows NT kernel-level RootKit (Windows)
