Messages - Malware

1
General Discussion / Re: Question about Rootkits
« on: May 26, 2018, 01:39:14 PM »
All right, many thanks, Curson, for answering my questions. And you may lock this topic.

Thank you

2
General Discussion / Re: Question about Rootkits
« on: May 24, 2018, 05:34:47 PM »
Ah, sorry I overlooked it.

Yes, I know that when KMCS is on, an unsigned driver cannot be loaded into the Kernel. But I have loaded an unsigned driver in my Kernel. I think.

3
General Discussion / Re: Question about Rootkits
« on: May 21, 2018, 07:05:59 PM »
OK, and when I want to check if KMCS is enabled, does the system show a similar warning as in the Testsign case?

Is it OK when I have an unsigned driver loaded in my Kernel (64-bit system)?

4
General Discussion / Re: Question about Rootkits
« on: May 18, 2018, 10:59:45 PM »
OK, when I have Secure Boot ON, Testsign cannot be disabled. Can I check whether Testsign is ON?

5
General Discussion / Re: Question about Rootkits
« on: May 17, 2018, 08:43:50 PM »
Oh, many thanks for the link. I'm going to read this forum. And I have one last question: if I have an unsigned driver loaded in my Kernel (on a 64-bit system), is it OK?

6
General Discussion / Re: Question about Rootkits
« on: May 17, 2018, 04:02:15 PM »
All right, a Rootkit can infect the Kernel via the MBR or VBR, find a vulnerability and make a Backdoor which controls the Kernel, or have a signed driver. These are the only ways to infect the Kernel.

Do I understand it correctly?

7
General Discussion / Re: Question about Rootkits
« on: May 15, 2018, 10:22:08 PM »
Thanks for your reply, Curson.

So, if I have a 64-bit OS and Secure Boot off, am I immune against Kernel Mode Rootkits?

I've read about a User Mode program running in Kernel Mode. But I think it's too difficult.

And is there no other way to infect the Kernel?

For hooking, must a Rootkit be in the Kernel?

8
General Discussion / Re: Question about Rootkits
« on: May 13, 2018, 07:27:42 PM »
I read that if KMCS is activated, a driver communicating with the Kernel must have a Digital Certificate. Is it true? And, for disabling Patch Guard and hooking the Kernel, a driver must have a Digital Certificate.

9
General Discussion / Question about Rootkits
« on: May 12, 2018, 09:10:04 AM »
Hello, I have a question about Rootkits.

I heard about Rootkits that can infect the Kernel via the MBR or VBR (Alureon, Rovnix). And I heard some Rootkits find a vulnerability in the Kernel and make a Backdoor which controls the Kernel. And some Rootkits have a digital certificate. Some disable Code Signing and enable Test Signing. Is there another way to infect the Kernel in a 64-bit system?

Thanks
