From the course: Ethical Hacking: System Hacking
Join today to access over 24,200 courses taught by industry experts.
Detect, remove, and avoid rootkits
From the course: Ethical Hacking: System Hacking
Detect, remove, and avoid rootkits
- [Instructor] Detecting a rootkit can be difficult as, by their very nature, rootkits avoid discovery. In this segment, we'll review how to detect, remove, and avoid rootkits. First, let's talk about how we can detect a rootkit. Rootkit detectors are "specialized software that essentially act as a host-based intrusion detection system that monitors the activity on a single host." They work by creating a "cryptographic hash of important system files, storing the hash values in a database, and then reporting what files have changed." Most file integrity software supports multiple file types and attributes, all have the same goal, "detecting a change in the integrity of a file." Rootkit detectors include Tripwire, which is a commercial product that monitors file integrity in real time, and advanced intrusion detection environment, which is a free product that runs on any modern Unix system. To monitor the integrity of the files, the software will first "scan the system and initialize…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.