Security in Computing (3rd Edition)

Slide 1: Rootkits
CS 161/194-1, Anthony D. Joseph, December 2, 2005
CS161 Fall 2005, Joseph/Tygar/Vazirani/Wagner

Slide 2: Administrivia
Final exam:
– 1 LeConte Hall
– Tuesday 12/13, 12:30-3:30
– Comprehensive
– Open books, notes, …
– No electronic devices
No office hours for me next Mon/Tue
– Substitute hours: Th 12-1, Fr 10-11
Project 2 is on web page

Slide 3: Outline
How to tell you’ve been 0wned?
What is a rootkit?
History of rootkits
User-mode rootkits
Kernel module/hooking rootkits

Slide 4: You’ve Been 0wned!
How can you tell when your machine has been compromised or taken over?
• “Odd” processes
• “Odd” windows
• “Extra” files
• Changed registry/configuration files
• “Extra” network connections, open ports
• …