Day 14 - Cyber Snacks (Rootkits)
Dylan Davis
Enterprise AI Expert | Making automation surprisingly simple | Sharing no-fluff automation tips that actually work
There are many ways an attacker can compromise a system, but rootkits are among the most notorious: their job is not to break in, but to keep privileged access and stay hidden once the attacker is already inside.
A rootkit gets at the “root” of your system, hence the name. The term comes from two separate concepts…
- Root - Unix terminology for the superuser account, the equivalent of Administrator on Windows. Most average folks never use Unix directly, so think of it as an alternative to Windows. “Root” access means the attacker holds the highest level of privilege on your computer, not just an ordinary user’s, and can change anything on it.
- Kit - The collection of software the attacker installs to keep that access and hide their presence.
A rootkit can land on your machine in many different ways, but the process is traditionally broken into two stages: “dropping” and “loading”.
- Dropping - Getting the rootkit onto your machine. The dropper can arrive via a malicious link, a booby-trapped document (e.g. a PDF), or by piggybacking on trusted software.
- Loading - Once the rootkit has been “dropped”, the loader installs its code deep into the parts of the machine where it can hide (for the most dangerous flavors, the kernel or the boot process itself). From there it can lie to the rest of the system about which files, processes, and network connections exist.
Rootkits come in a variety of flavors, but I won’t detail them all here because this “Cyber Snack” is turning into more of a “meal” and less of a “snack”. Just know that the different levels of rootkit depend on how much access they have and where they hide: the deeper they sit (ordinary user programs, then the kernel, then the bootloader or firmware), the harder they are to detect and remove (see below - red is bad and green is less bad).
Luckily, most modern operating systems support “Secure Boot”, which checks that the bootloader and kernel are signed before running them. That blocks rootkits that hide in the boot process or try to load unsigned kernel code, though it does nothing against rootkits that live in ordinary user programs, so all hope is not lost but it is not a cure-all. Successful rootkits are also comparatively rare in the wild, because building one that works reliably takes a lot of effort.
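“Secure Boot is supported” and “Secure Boot is enforcing” are not the same thing, so the first thing a practitioner checks on a Linux box is the firmware’s own answer. The example below is added here and is not code from the original post. It reads the two UEFI variables that Linux exposes through efivarfs: SecureBoot (1 = verification on) and SetupMode (1 = no platform key enrolled, so nothing is enforced even if SecureBoot reads 1). The efivars path and the EFI_GLOBAL_VARIABLE GUID are real; the sample byte strings are constructed for illustration, not captured from a machine.

```python
"""Check whether Secure Boot is actually enforcing, via Linux efivarfs."""
from pathlib import Path
from typing import Optional, Tuple, Union

# GUID of the EFI global variable namespace (EFI_GLOBAL_VARIABLE), where the
# firmware publishes SecureBoot and SetupMode.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")

# Variable attribute bits from the UEFI spec (Runtime Services, variables).
EFI_VARIABLE_NON_VOLATILE = 0x1
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes each variable with a 4-byte little-endian attribute
    word; the variable's payload follows it.
    """
    if len(raw) < 4:
        raise ValueError("efivar too short to contain an attribute header")
    attrs = int.from_bytes(raw[:4], "little")
    return attrs, raw[4:]


def flag_from_efivar(raw: bytes) -> bool:
    """Interpret a one-byte UEFI boolean variable (SecureBoot, SetupMode)."""
    attrs, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected 1 data byte, got {len(data)}")
    if attrs & EFI_VARIABLE_NON_VOLATILE:
        # SecureBoot and SetupMode are volatile, firmware-owned values.
        # A non-volatile copy is not what the firmware computed at boot.
        raise ValueError("SecureBoot/SetupMode must be volatile variables")
    return data[0] == 1


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> str:
    """Combine both variables into one verdict.

    SetupMode wins: with no platform key enrolled nothing is verified,
    whatever SecureBoot says.
    """
    if flag_from_efivar(setupmode_raw):
        return "setup-mode"
    return "enforced" if flag_from_efivar(secureboot_raw) else "disabled"


def read_secure_boot_state(
    efivars_dir: Union[str, Path] = EFIVARS_DIR,
) -> Optional[str]:
    """Read the live state; None means the machine did not boot via UEFI."""
    efivars_dir = Path(efivars_dir)
    sb = efivars_dir / f"SecureBoot-{EFI_GLOBAL_VARIABLE}"
    sm = efivars_dir / f"SetupMode-{EFI_GLOBAL_VARIABLE}"
    if not (sb.is_file() and sm.is_file()):
        return None
    return secure_boot_state(sb.read_bytes(), sm.read_bytes())


# Constructed samples (not captured from real hardware): attributes 0x06
# (BOOTSERVICE_ACCESS | RUNTIME_ACCESS), then a single data byte.
SAMPLE_ON = b"\x06\x00\x00\x00\x01"
SAMPLE_OFF = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    print("constructed samples:",
          secure_boot_state(SAMPLE_ON, SAMPLE_OFF),   # enforced
          secure_boot_state(SAMPLE_OFF, SAMPLE_OFF),  # disabled
          secure_boot_state(SAMPLE_ON, SAMPLE_ON))    # setup-mode
    live = read_secure_boot_state()
    print("this machine:", live if live is not None else "not UEFI-booted")
```

One caveat worth keeping in mind: this check runs inside the operating system, and a rootkit deep enough to control the kernel can in principle lie about what efivarfs contains. That is why high-assurance environments pair Secure Boot with measured boot and a TPM-backed attestation, where a separate party verifies the boot measurements rather than trusting the running OS to report on itself.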
Below are some historical examples of rootkits.
The ever-changing landscape of cyber is fascinating, but what's more interesting is the sheer creativity and brilliance on both teams (red & blue).