![]() A rootkit allows an attacker to maintain root-level access to a system and grants permissions beyond those provided to the root user by allowing the direct modification of kernel space memory structures. This can be achieved via an LKM (Loadable Kernel Module), an exploit within an existing kernel-mode driver, or vulnerabilities in the interface the kernel exposes to UserLAnd processes. Rootkits are persistence mechanisms that allow an attacker code execution within kernel space. If this device cannot be certified to boot securely, where the low-level firmware is known to be uninfected, future customer data or the entire data center could be at risk of compromise. ![]() One example is Amazon Snowball, which is used for large scale data transfer via a physical device’s shipment. Techniques invented to mitigate this threat are categorized under hardware roots of trust, which attempt to create a secure foundation for all security primitives required to protect the integrity and confidentiality of a device placed in this hostile environment.įirmware configuration analysis is essential when evaluating devices from companies who ship custom hardware directly into customers’ hands and later ingest the potentially malicious hardware. TLDR: Here’s a CSV of test cases to evaluate a system’s vulnerability to rootkits and bootkits. Much of the information comes from the excellent Rootkits and Bootkits book.įollowing, I’ll describe a series of test steps which allow security engineers to determine what attack vectors are available to an attacker who is looking to persist their root level privileges beyond the capabilities provided by user-mode exploits. You might immediately re-image the affected machine, but can you be certain that the attacker’s modifications haven’t persisted in low-level firmware or via a malicious kernel-mode driver? This article explains modern and antiquated protections which attempt to prevent attackers who have already achieved root-level access from persisting via kernel-mode drivers or firmware implants. ![]() Imagine that malware with root-level privileges has been found on a machine that you manage. Can you give a hacker your hardware and still trust that computer later? Yes - and here's how.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |