Rootkit research
So I am working on a presentation for one of my graduate classes on kernel malware analysis and detection/defense. After I finish with the slide deck, I want to show the class, by recording with Fraps, how a rootkit can infect a machine (in a virtual environment) and then show how it can be detected and possibly prevented.
Has anyone done anything like this before? Any suggestions?
Comments
- Asif Dasl (Member, Posts: 2,116): I came across a dissection of a rootkit on Sophos, if that's any help.
- lsud00d (Member, Posts: 1,571): Maybe if you did live memory analysis in a VM... I'm not sure how else you could show it using Fraps.
- MrAgent (Member, Posts: 1,310): I plan on infecting a Linux VM and a Windows VM to show how it can be done. However, I'm having a hard time trying to find a rootkit for download that isn't embedded into a malware website. I want to infect the VM without the VM having any sort of networking. Who knew it would be so hard to find something like this.
- dbrink (Member, Posts: 180): You could try here: contagio
  Currently Reading: Learn Python The Hard Way
  http://defendyoursystems.blogspot.com/
- dbrink (Member, Posts: 180): And another site: Open Malware | Community Malicious code research and analysis
  Currently Reading: Learn Python The Hard Way
  http://defendyoursystems.blogspot.com/
- MrAgent (Member, Posts: 1,310): Thanks. I was able to find a few samples of rootkits. I appreciate it!