Is it possible to detect a kernel-level rootkit without root permission?
Perhaps you could detect the most incompetent kernel rootkits that
way. It would probably be more work than it was worth, though.
(Consider that an honest kernel can, by design and as a feature, hide
information from
I believe one of the primary strengths of a rootkit is its ability to hide
itself -- even when accessing the kernel level -- so it'd have to be a
pretty poor rootkit to achieve that. So far the only working attempt (that
I've seen, at least) was the mindtrick PoC done by Trustwave's SpiderLabs (?)
at
***edit ***
Sorry, didn't read the earlier reply, so I apologize for the redundant reply.
On Jun 13, 2011 8:21 AM, 신준엽 jysy...@gmail.com wrote:
Hi, ;)
I have a question.
Is it possible to detect a kernel-level rootkit without root permission?
EVT, sys_call_table, hidden process, file, etc..