From bd7290d7f18503609e249b8ce2b38773ac7bfb50 Mon Sep 17 00:00:00 2001 From: "iliya.saroukha" <iliya.saroukhanian@etu.hesge.ch> Date: Wed, 22 Jan 2025 13:50:13 +0100 Subject: [PATCH] feat: rootkits explained --- presentations/dry-run/dry-run.qmd | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/presentations/dry-run/dry-run.qmd b/presentations/dry-run/dry-run.qmd index 2e94d0e..d67d9df 100644 --- a/presentations/dry-run/dry-run.qmd +++ b/presentations/dry-run/dry-run.qmd @@ -83,6 +83,21 @@ ne générant pas de **_trap_**[^1] ## Rootkits +::: {.callout-important} +\small _"A set of software tools that enable an **unauthorized** user to **gain control** +of a computer system **without being detected**"_ [^2] +::: + +. . . + +| \textcolor{teal}{User mode} | \textcolor{red}{Kernel mode} | +|--------------- | --------------- | +| `LD_PRELOAD` library hijacking | Syscall table _hooking_ | +| Patching de binaire \footnotesize (e.g. `su`, `passwd`) | Injection de modules/pilotes malicieux \footnotesize(GNU/Linux, Windows) | + + +[^2]: [Oxford English Dictionary, s.v. “rootkit (n.),” December 2024](https://doi.org/10.1093/OED/6892331220) + ## Valeur offensive ajoutée par un hyperviseur # État de l'art @@ -104,3 +119,7 @@ ne générant pas de **_trap_**[^1] ## _Timing analysis_ # Conclusion + +# Références bibliographiques + +- [Rootkits: User Mode](https://www.infosecinstitute.com/resources/general-security/rootkits-user-mode-kernel-mode-part-1/) -- GitLab
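Review bot: the first hunk (the `## Rootkits` slide) mixes raw LaTeX into Quarto markdown: `\small` inside the callout, `\textcolor{teal}{User mode}` / `\textcolor{red}{Kernel mode}` in the table header and `\footnotesize` in two cells. Pandoc only passes these through for the Beamer/PDF target; in an HTML or revealjs render of `dry-run.qmd` they are dropped or shown literally, so the user-mode/kernel-mode colour coding and the smaller "(e.g. `su`, `passwd`)" annotations silently disappear. Prefer a bracketed span with a class, e.g. `[User mode]{.teal}` with a matching style rule, or wrap the LaTeX in a `::: {.content-visible when-format="pdf"}` block and provide a plain fallback. Two smaller points: the table places `LD_PRELOAD` library hijacking and binary patching under user mode and syscall-table hooking and malicious module/driver injection under kernel mode, which is a useful split, but the footnote `[^2]` carries the full OED citation while the second hunk introduces a separate bibliography section, so the deck now has two citation mechanisms; pick one and cross-reference the OED entry from the bibliography if it stays a footnote.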
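Review bot: in the second hunk, the new `# Références bibliographiques` section contains a single entry whose link text, "Rootkits: User Mode", does not match the URL slug `rootkits-user-mode-kernel-mode-part-1`, which indicates the source covers both user-mode and kernel-mode rootkits and is part 1 of a series; the entry also carries no author, publisher or access date, unlike the OED footnote added in the first hunk, which gives publisher, month and year. Align the two: use the article's full title, add the publisher (Infosec Institute) and the date consulted, and either move the OED reference into this list or keep both as footnotes so the deck uses one consistent citation style.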