Is there any security technology/technique besides TPM/Secure Boot which can verify the integrity of the BIOS or bootloader?

For any file on your OS you can get an MD5 or SHA-256 value, and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the BIOS and bootloader and check their integrity manually. Can you…

New UEFI Rootkit

Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article:

The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. …

Hypothesis of state sponsored implant with advanced exfiltrated technology [closed]

I’m looking for state-sponsored spyware that has the following features.
The spyware should be split into three or more parts. There are two parts on the host/phone, and a third part on the home router. The two parts on the host are:

a pi…

Need help identifying and eradicating Cobalt Strike beacon and persistence [closed]

Posted this over in the Unix section earlier and was recommended here:
I’m stopping by trying to further narrow down my understanding and ultimately the eradication of one if not multiple Cobalt Strike beacons on multiple machines.
Before …

Researchers unearth highly evasive “parasitic” Linux malware

Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What makes Symbiote different from other Linux malware that we usually come acros…

If I root a Samsung without a computer (using no computer root method) will I receive Software Update normally? [closed]

Basically what I’m asking is if you root a Samsung without a computer method, will the update appear in settings like it normally does when the phone is not rooted?
If it does, can the download be accepted and the update installed normally…

Can a Samsung receive OTA updates normally with a systemless root? [migrated]

If a systemless root is done will software updates still appear in settings/show up as a notification that there is a new update available?
In case it does show up, can you download and install the update directly from the settings app eve…

Is it possible to assess the integrity of an SSD’s firmware using SMART results or drive details?

I recently bought a used SanDisk SSD and I am curious to know if there is any way to assess the integrity of its firmware using information such as SMART or drive details.
In addition to SMART information, SanDisk Dashboard application als…