Detecting rootkits can be difficult because, by their very nature, rootkits avoid discovery. Removing a rootkit is complex and may require a complete OS reinstall or even replacing the hardware. The best protection against rootkits is avoidance.
- [Instructor] Detecting rootkits can be difficult, as by their very nature, rootkits are designed to avoid being detected. Specialized software that essentially acts as a host-based intrusion detection system that monitors the activity on a single host can be used to detect a rootkit, and it will report if there are any files changed. Rootkit detectors make cryptographic hashes of important system files, and then store them in a database.

It can then report what files have changed. The software will most likely have the option to compare by creating message digests to check the integrity of the file, using one of several cryptographic hash algorithms such as MD5, SHA, or CRC32. In addition, most file integrity software supports multiple file types and attributes. All have the same goal: detecting a change in the integrity of a file.

Tripwire is a commercial product that monitors file integrity in real time. Advanced Intrusion Detection Environment is a free product that runs on any modern Unix system. Let's talk about a cryptographic hash…
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits