EASY7

Security Study

Hidden Processes

E.asiest 2021. 12. 22. 02:33

You have to use memory analysis techniques. It would be good to study the EPROCESS side and then look at Volatility.

Yes, it has a name. You would need to study EPROCESS to understand it, and DKOM as well.

Direct Kernel Object Manipulation (DKOM) is a common rootkit technique used to hide potentially damaging third-party processes, drivers, files and intermediate connections from Task Manager and the event scheduler.
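The memory-forensics approach the comments above point at (walking EPROCESS through ActiveProcessLinks versus scanning for process objects, as Volatility's pslist, psscan and psxview do), as an added example that is not part of the original post. It models a DKOM-unlinked record inside a constructed image using an assumed, simplified record layout rather than real Windows EPROCESS offsets, and flags it by cross-view comparison.

```python
import struct
# Constructed, simplified process record (an assumed demo layout, not real EPROCESS
# offsets): tag(4) | pid(4) | flink(8) | blink(8) | name(8), little-endian.
BASE, REC_SIZE, FMT = 0x1000, 32, "<4sIQQ8s"
POOL_TAG = b"Proc"  # the kernel tags process-object pool allocations "Proc"

def build_image(procs, hidden=()):
    """procs: list of (pid, name). Every record is written to memory, but only pids not in
    `hidden` are chained into the circular ActiveProcessLinks-style list, so a hidden
    record looks like an EPROCESS that DKOM has unlinked. Returns (image, list head)."""
    img = bytearray(REC_SIZE * len(procs))
    addr = {pid: BASE + i * REC_SIZE for i, (pid, _) in enumerate(procs)}
    linked = [pid for pid, _ in procs if pid not in hidden]
    for i, (pid, name) in enumerate(procs):
        if pid in linked:
            k = linked.index(pid)
            flink = addr[linked[(k + 1) % len(linked)]]
            blink = addr[linked[(k - 1) % len(linked)]]
        else:
            flink = blink = addr[pid]  # unlinked entry points only to itself
        img[i * REC_SIZE:(i + 1) * REC_SIZE] = struct.pack(
            FMT, POOL_TAG, pid, flink, blink, name.encode()[:8])
    return img, addr[linked[0]]

def read_rec(img, a):
    tag, pid, flink, blink, name = struct.unpack_from(FMT, img, a - BASE)
    return tag, pid, flink, blink, name.rstrip(b"\0").decode()

def walk_active_list(img, head):
    """What Task Manager or a plain 'pslist' sees: follow flink until back at the head."""
    seen, a, steps = {}, head, 0
    while (steps == 0 or a != head) and steps < len(img) // REC_SIZE:  # bounded walk
        _, pid, flink, _, name = read_rec(img, a)
        seen[pid] = name
        a, steps = flink, steps + 1
    return seen

def scan_pool_tags(img):
    """What 'psscan' does: ignore the list and carve every record tagged 'Proc'."""
    found = {}
    for off in range(0, len(img) - REC_SIZE + 1, 4):
        if img[off:off + 4] == POOL_TAG:
            _, pid, _, _, name = read_rec(img, BASE + off)
            found[pid] = name
    return found

def find_hidden(img, head):
    """Cross-view check (the psxview idea): in the scan but absent from the list walk."""
    listed = walk_active_list(img, head)
    return {pid: n for pid, n in scan_pool_tags(img).items() if pid not in listed}
```

Against a real image the same comparison is done by Volatility's psxview, which adds further views (thread scan, handle table, session list) so a single unlinked structure is not enough to stay invisible.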

 

How a process is hidden

https://github.com/thibaultmeyer/deadlands-windows-dkom

https://www.youtube.com/watch?v=uU9DhcpUGD0

https://www.cert-devoteam.fr/en/antiforensics-techniques-process-hiding-in-kernel-mode/


