
Userland rootkits are lame (2022)


Many people may not know this, but fifteen…twenty years ago I knew a thing or two about rootkit development. I wrote detection software for a few years as well. Back then modifying the shared libraries on the disk was also a vector for userland rootkits.

This malware does a load of very clever, complex and cool hiding tricks to make sure that network monitoring tools don’t capture the blessed packets. Honestly, I thought this was standard practice, so I’m a bit surprised that a userland rootkit causes problems for live forensics. They can’t hide this because they would have to repack the string table, which would invalidate existing pointers to environment variables, causing system instability.

Or read this on Hacker News