feat: rootkits explained

bd7290d7 · iliya.saroukha · f552fe72 · bd7290d7
Commit bd7290d7 authored 3 months ago by iliya.saroukha
--- a/presentations/dry-run/dry-run.qmd
+++ b/presentations/dry-run/dry-run.qmd
@@ -83,6 +83,21 @@ ne générant pas de **_trap_**[^1]

 ## Rootkits

+::: {.callout-important}
+\small _"A set of software tools that enable an **unauthorized** user to **gain control**
+of a computer system **without being detected**"_ [^2]
+:::
+
+. . .
+
+| \textcolor{teal}{User mode}   | \textcolor{red}{Kernel mode} |
+|--------------- | --------------- |
+| `LD_PRELOAD` library hijacking | Syscall table _hooking_ |
+| Patching de binaire \footnotesize (e.g. `su`, `passwd`) | Injection de modules/pilotes malicieux \footnotesize(GNU/Linux, Windows) |
+
+
+[^2]: [Oxford English Dictionary, s.v. “rootkit (n.),” December 2024](https://doi.org/10.1093/OED/6892331220)
+
 ## Valeur offensive ajoutée par un hyperviseur

 # État de l'art
@@ -104,3 +119,7 @@ ne générant pas de **_trap_**[^1]
 ## _Timing analysis_

 # Conclusion
+
+# Références bibliographiques
+
+- [Rootkits: User Mode](https://www.infosecinstitute.com/resources/general-security/rootkits-user-mode-kernel-mode-part-1/)