From the course: Ethical Hacking: System Hacking
User Mode and Kernel Mode
- [Instructor] Rootkits are almost always designed to operate with superuser privileges, which are normally reserved for the system administrator or root user. In this segment, we'll compare user-mode and kernel-mode rootkits, and outline the benefits and drawbacks of each type. First, let's discuss what makes a good rootkit and how they avoid detection. A good rootkit will sniff passwords, create hidden directories, and be able to avoid any security measures designed to pick up any activity as it communicates with the network. Identifying rootkit behavior can be difficult, as a rootkit is designed to avoid being detected by deleting any evidence of processes the attacker has generated, and even remove the rootkit when the job is complete. Many times, they're only identified by a rootkit scanner. So, now let's further discuss how a rootkit can stay hidden. To avoid detection, a rootkit can either use an active or passive approach. An active offense involves taking direct actions that…