rootkitの検索結果1 - 4 件 / 4件

• あとで読む

  Microsoft blocks Trend Micro code at center of driver 'cheatware' storm from Windows 10, rootkit detector product pulled from site

  • 26 users
  • www.theregister.com
  • テクノロジー
  • 2020/05/27

  Microsoft blocks Trend Micro code at center of driver 'cheatware' storm from Windows 10, rootkit detector product pulled from site Updated Microsoft has blocked a Trend Micro driver from running on Windows 10 – and Trend has withdrawn downloads of its rootkit detector that uses the driver – after the code appeared to game Redmond's QA tests. Late last week, Trend removed downloads of its Rootkit B

  • セキュリティ
  • Windows
  • あとで読む

  
• あとで読む

  How to use Trend Micro's Rootkit Remover to Install a Rootkit

  • 9 users
  • billdemirkapi.me
  • テクノロジー
  • 2020/05/21

  The opinions expressed in this publication are those of the authors. They do not reflect the opinions or views of my employer. All research was conducted independently. For a recent project, I had to do research into methods rootkits are detected and the most effective measures to catch them when I asked the question, what are some existing solutions to rootkits and how do they function? My search

  • security
  • Windows

  
• あとで読む

  GitHub - h3xduck/TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

  • 4 users
  • github.com/h3xduck
  • テクノロジー
  • 2022/07/05

  TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris Nóva's Boopkit4. We reuse and extend some of the techniques pioneered by these previous e

  • linux
  • security

  
• あとで読む

  CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

  • 3 users
  • securelist.com
  • 暮らし
  • 2022/07/27

  Having established what the malware implant tries to accomplish, we can now look into more detail at how each of these steps is performed. The whole execution chain begins with an EFI driver. It appears to be a patched version of a legitimate one named CSMCORE (intended to facilitate the boot of the machine in legacy mode via the MBR), where the attackers have modified the pointer to the HandlePro