From bd7290d7f18503609e249b8ce2b38773ac7bfb50 Mon Sep 17 00:00:00 2001
From: "iliya.saroukha" <iliya.saroukhanian@etu.hesge.ch>
Date: Wed, 22 Jan 2025 13:50:13 +0100
Subject: [PATCH] feat: rootkits explained

---
 presentations/dry-run/dry-run.qmd | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/presentations/dry-run/dry-run.qmd b/presentations/dry-run/dry-run.qmd
index 2e94d0e..d67d9df 100644
--- a/presentations/dry-run/dry-run.qmd
+++ b/presentations/dry-run/dry-run.qmd
@@ -83,6 +83,21 @@ ne générant pas de **_trap_**[^1]
 
 ## Rootkits
 
+::: {.callout-important}
+\small _"A set of software tools that enable an **unauthorized** user to **gain control**
+of a computer system **without being detected**"_ [^2]
+:::
+
+. . .
+
+| \textcolor{teal}{User mode}   | \textcolor{red}{Kernel mode} |
+|--------------- | --------------- |
+| `LD_PRELOAD` library hijacking | Syscall table _hooking_ |
+| Patching de binaire \footnotesize (e.g. `su`, `passwd`) | Injection de modules/pilotes malicieux \footnotesize(GNU/Linux, Windows) |
+
+
+[^2]: [Oxford English Dictionary, s.v. “rootkit (n.),” December 2024](https://doi.org/10.1093/OED/6892331220)
+
 ## Valeur offensive ajoutée par un hyperviseur
 
 # État de l'art
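Review bot: the two-column table mixes languages within a French deck: the user-mode column reads "`LD_PRELOAD` library hijacking" and "Patching de binaire" while the kernel-mode column reads "Syscall table _hooking_" and "Injection de modules/pilotes malicieux"; pick one language per cell (e.g. "Détournement de bibliothèque via `LD_PRELOAD`" / "_Hooking_ de la table des appels système") so the slide is consistent. Also note that `\textcolor{teal}{...}`, `\small` and `\footnotesize` are raw LaTeX and will only render in the PDF/Beamer target of the `.qmd`; if an HTML revealjs output is ever built, these headers will show as literal text, so either guard them with a `{=latex}` raw block or use Quarto's own styling. Minor: there is a double blank line before the `[^2]` footnote definition.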
@@ -104,3 +119,7 @@ ne générant pas de **_trap_**[^1]
 ## _Timing analysis_
 
 # Conclusion
+
+# Références bibliographiques
+
+- [Rootkits: User Mode](https://www.infosecinstitute.com/resources/general-security/rootkits-user-mode-kernel-mode-part-1/)
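Review bot: the new "Références bibliographiques" section lists only the Infosec Institute article, yet that source is never cited from the slides (the only footnotes in the visible hunks are `[^1]` and `[^2]`), while the OED entry actually cited as `[^2]` does not appear in this list. Either add a footnote reference to the Infosec Institute article where the user-mode/kernel-mode table is introduced, or move the `[^2]` OED entry into this section so that every cited source is listed once. The link text "Rootkits: User Mode" also undersells the page, whose URL indicates it covers both user mode and kernel mode (part 1); use the article's full title.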
-- 
GitLab