Title: An Analysis of Root-Kit Technologies and Strategies
Authors: Monroe, Justin
Serial Number: 2010-02
Publication Date: 3-9-2010
Abstract: The research study, An Analysis of Root-Kit Technologies and Strategies, was conducted at the United States Naval Academy in an effort to help define a root-kit in terms understandable by someone with a background in computing, but not necessarily with the details of how an operating system runs. Specific topics cover basic back doors into a target system, covert channels, data exfiltration, and hiding software applications in the best way possible for the level of access attained. Because root-kits are becoming more commonplace on the Internet, the Department of Defense must be able to convey the importance of Information Assurance when applications such as root-kits can be installed in any number of ways. Once a root-kit is on the machine, it becomes increasingly hard to trust any information on the machine, and should the root-kit exfiltrate any information, it may be hard to determine what information was stolen and how to mitigate the risks involved. The goals of the research paper were to define root-kit strategies in easy-to-understand phases, ranging from commonly found network tools and source code to implementation strategies of today's modern root-kits and root-kit prevention and mitigation systems. The source code contained in the paper references quick implementations of keyloggers and DLL injectors, two common applications found in a root-kit toolset to hide in the system and then log the user's habits. At the conclusion, several root-kit papers were analyzed and cataloged as they pertained to the different phases that were set up initially. Each and every tool utilized in the research study is freely available and has other, less malicious purposes. However, the research topics discussed in Phase 6, Advanced Root-Kit Implementations, are current research into how to prevent root-kit installation and to minimize the effectiveness of a root-kit.
The most interesting part is that several of the projects utilize hooking and patching, two common root-kit practices to subvert the operating system, to prevent root-kits from executing.
