Writing and Rootkits. Info Security
Admin
• Papers
• Topic
  • Main: Phil
  • Backup: John
  • One from me
• http://www.geek.com/news/geeknews/2005Nov/gee20051122033430.htm
• Class times and finals schedule.
Papers
• Section headings
  • Longer paper, so use section headings.
  • Look at the assignment; several sections are required.
• For the related work section
  • Start a new paragraph for each complete experiment that you describe.
• When describing work
  • Use names, not “a journalist”, “a person”, or “a magazine”.
  • Instead: “Sam Smith showed...” or “Chavez at security.com did an...”
Mass vs Count again
• Most modifies plural nouns or mass nouns
  • The most chickens
  • The most money
• Largest modifies singular nouns
  • Largest chicken
  • Largest amount.
  • Largest portion.
Reminders
• A few repeat reminders
• Avoid the passive!!
  • Sometimes it can't be helped, but a half dozen times in a paper this short should raise alarm bells.
• Subject-verb agreement
• Make sure the antecedents of all pronouns are clear
• ';' separates two closely related sentences
• Be careful with simile and metaphor
• A outscored B
• No feelings
  • Rarely does it matter what you feel, but what you believe
Next Draft
• Have a section for each of the sections listed in the assignment. (first person ok)
• Intro
  • Talk about spam, where it comes from, its problems, etc.
• Related work
  • Describe at least two other experiments (with two citations)
• Experiment
  • Describe the experiment setup (not the results).
  • Use past tense next time (you did this already)
• Results
  • Talk about the spam you received, and where and when
Next Draft II
• Discuss results
  • Analyze what it means
  • What does it mean that email address 3 got more spam?
• Conclusion
  • Summarize: why spam is bad, the results, and the implications of the experiment
  • Any future work that seems immediately indicated.
• I've made copies, so improve your work.
Rootkits
• Definition:
  • Trojan horse backdoor tools that modify existing operating system software so that an attacker can hide on a machine and keep access to it. (Skoudis)
• Note the difference from everything we've looked at thus far:
  • Other software inserts itself in addition to existing software
  • Rootkits replace parts.
Rootkits
• Disguised to look like normal parts of the system
  • Replace the dir command from DOS, for example.
• Generally the new versions do not write to log files
  • Most administrative actions are logged
  • Network connections are logged too.
• Two types:
  • User mode (replaces programs that users use)
  • Kernel mode (modifies the heart of the operating system)
• Rootkits don't give admin access; they hide the fact that the attacker has it
MS Windows Rootkit
• Example: FakeGINA
  • User mode rootkit
  • Used to log on to Windows
  • Intercepts username, domain, and password on Windows NT/2000 machines
  • http://ntsecurity.nu/toolbox/fakegina/
Windows File Protection
• Replaces any modified versions of a system program
• Does so transparently
• What are the implications?
• Why is FakeGINA not affected?
More Next Monday
• Have a good Thanksgiving.