Sourcefire

Rootkits (Part 8): Defense via Hook Detection

Since both kernel-mode and user-mode rootkits use hooking as a vehicle for hiding their presence on a system, it seems only natural that looking for system hooks could itself be used to identify the presence of a rootkit. In this video, Sourcefire Chief Scientist Zulfikar Ramzan describes how one might try to make such a rootkit detection technique work and what challenges exist in doing so. This video is the eighth in a multi-part series on rootkits.
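As an added illustration of the detection idea the video discusses (this is example code, not material from the video or from Sourcefire), the following simulates the classic check on a system-call table: each entry should point into the kernel image, so an entry whose target lies outside it is a hook. All module names and addresses are constructed, and the simulated "redirected" case shows the main challenge the video refers to, since legitimate security products hook the same tables.

```python
# Added example (not from the video): a simulated system-call table hook check.
# Rootkits hook by overwriting a table entry with a pointer into their own code,
# so a detector can flag entries whose target lies outside the module that
# should own them. All names and addresses below are constructed.

# Constructed loaded-module map: (name, start, end) with end exclusive.
LOADED_MODULES = [
    ("ntoskrnl.exe", 0xFFFFF80000400000, 0xFFFFF80000A00000),
    ("av_filter.sys", 0xFFFFF88001000000, 0xFFFFF88001040000),
]

# Constructed syscall table: two entries are tampered. One points into memory
# no listed module owns (a hidden rootkit module); the other into a legitimate
# third-party driver, the kind of benign hook that makes this check noisy.
SYSCALL_TABLE = {
    "NtQueryDirectoryFile": 0xFFFFF80000512340,
    "NtQuerySystemInformation": 0xFFFFF8800C0FFEE0,  # unmapped target
    "NtCreateFile": 0xFFFFF88001002000,              # redirected to av_filter.sys
    "NtOpenProcess": 0xFFFFF80000678900,
}

def owning_module(addr, modules):
    """Return the name of the module whose range contains addr, or None."""
    for name, start, end in modules:
        if start <= addr < end:
            return name
    return None

def find_hooks(table, modules, expected_owner="ntoskrnl.exe"):
    """Map each suspicious entry to a verdict: 'unmapped' when no known module
    owns the target (strongest rootkit signal) or 'redirected:<module>' when a
    different known module does (needs triage: could be AV, could be malicious)."""
    findings = {}
    for name, addr in table.items():
        owner = owning_module(addr, modules)
        if owner == expected_owner:
            continue
        findings[name] = "unmapped" if owner is None else f"redirected:{owner}"
    return findings

if __name__ == "__main__":
    for name, verdict in find_hooks(SYSCALL_TABLE, LOADED_MODULES).items():
        print(f"{name}: {verdict}")
```

A real detector also has to trust its view of the module list and the table itself, which a kernel rootkit can tamper with; that is why this check is usually combined with other signals.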

RunTime - 7:06

Uploaded - 18 Jul 2013

©2014 Cisco and/or its affiliates. All rights reserved.