All Questions
55 questions
1 vote, 0 answers, 112 views
Is having no driver installed better than having old driver?
How safe are installed & genuine-vendor signed old drivers, specifically when attackers are spoofing Microsoft and other vendor certificates?
On older PCs and laptops where some components are no ...
0 votes, 1 answer, 160 views
Successful UEFI secure boot exploitation
Are there any real examples (malware, rootkits, etc.) of exploiting the UEFI secure boot mechanism vulnerabilities such as CVE-2022-21894?
2 votes, 1 answer, 451 views
How to protect yourself from firmware viruses
What components of a PC do firmware viruses and rootkits infect? Secure boot is supposed to protect you from these types of viruses. Although, it doesn't protect you against rootkits in UEFI firmware ...
1 vote, 2 answers, 2k views
How to securely create a bootable USB drive from a possibly infected system?
I'm not sure about my system so I want to completely wipe my HDD and reinstall Windows 10.
But I realized that an infected system can also infect a USB bootable drive.
Unfortunately, I don't have ...
4 votes, 1 answer, 488 views
Is Sleep mode safe?
If a PC has a rootkit, when it goes into sleep mode, can the rootkit do anything to it while it's in a sleeping state? Meaning steal data, open programs and basically do anything. Assuming it's not BIOS ...
2 votes, 0 answers, 426 views
What is the current (mid-2020) status of hardware rootkit/malware and possible detection/monitoring?
I've posted a question (link) related to a potential compromised computer via SSH access with root user. Although no evidence of a break-in, I'm considering extended measures to ensure (as much as ...
1 vote, 0 answers, 289 views
Passively read key from process memory without invoking kernel (Windows 10)
I have a process that loads into memory like any other process. It contains a special key. Our goal is to read this key inside memory...or while it is in transit across the data bus from cpu. The ...
4 votes, 1 answer, 822 views
What are some of the benign use cases of injecting bytes into another process and creating remote thread?
Let's say you are developing an AV and have marked any type of injection into another process (for example opening it and writing to it) and creating a remote thread as malicious.
If so, what will be some of ...
1 vote, 2 answers, 797 views
Can rootkits hide their internet usage from Resource Monitor and third-party software in Windows 10? If so, how?
Let's say I have the latest Windows 10 version. I also have DU Meter for checking my network usage.
I know that in Windows there is a linked list of processes that many rootkits tend to remove ...
2 votes, 1 answer, 335 views
When to use which rootkit?
According to my understanding so far:
a kernel-space rootkit runs in ring0 and uses techniques such as syscalls
a user-space rootkit runs in ring3 and uses techniques such as library injection
...
-1 votes, 1 answer, 401 views
Can a rootkit hide its data in slack space of pages in memory instead of disk?
So I'm asking about a Linux or Windows type of rootkit/malware.
Is this possible? Can a rootkit use the slack space in the pages of memory instead of disk to hide data?
If so, has this ever been ...
1 vote, 2 answers, 582 views
Can a rootkit write to the virtual memory of a kernel process and rewrite an instruction to jump into its own malicious code inside that process?
So let's say we have a rootkit on our system.
Can this rootkit write something inside a kernel process?
For example, in Windows, can a rootkit write to the ntoskrnl process, changing some functions and ...
0 votes, 0 answers, 285 views
How to spot malware that hides its disk usage from Resource Monitor?
So let's say a malware has hidden itself from Task Manager, so it won't show up in there.
Let's also say that it hides its disk usage from Resource Monitor as well. (Based on previously asked ...
2 votes, 0 answers, 559 views
Weird Python script found on a Mac OS X client machine [closed]
I was reviewing a Mac OS X machine (a late 2016 MacBook Pro) and I found some weird scripts in the LaunchAgent folder.
8 -rw-r--r-- 1 XX wheel 500 30 Lug 07:18 com.1e1zq.plist
8 -rw-r--r-- 1 XX ...
3 votes, 1 answer, 1k views
Remove malicious rootkits and spyware from HDDs and SSDs
I have read at least twenty articles dating from the time Edward Snowden's startling revelations about rogue nations and bad actors embedding malicious rootkits and spyware in the firmware of hard ...