How RootKits Works & How To Detect Rootkits?

How RootKits Works & How To Detect Rootkits? – System hooking is a process of changing and replacing the original function pointer with the pointer provided by the rootkit in stealth mode. Inline function hooking is a technique where a rootkit changes some of the bytes of a function inside the core system DLLs (kernel32.dll and ntdll.dll) placing an instruction so that any process calls hit the rootkit first. Direct Kernel Object Manipulation (DKOM) rootkits are able to locate and manipulate the “system” process in kernel memory structures and patch…

What is RootKits?

What is RootKits? – Rootkits are software programs aimed to gain access to a computer without detection. These are malware that help attackers gain unauthorized access to a remote system and perform malicious activities. The goal of the rootkit is to gain root privileges to a system. By logging in as the root user of a system, an attacker can perform any task such as installing software or deleting files, and so on. It works by exploiting the vulnerabilities in the operating system and applications. It builds a…

Top 5 Best Vulnerability Scanning Tools

Top 5 Best Vulnerability Scanning Tools – An attacker performs vulnerability scanning in order to identify security loopholes in the target network that he/she can exploit to launch attacks. Security analysts can use vulnerability scanning tools to identify weaknesses present in the organization’s security posture and remediate the identified vulnerabilities before an attacker exploits them. Network Vulnerability Scanners help in analyzing and identifying vulnerabilities in the target network or network resources by means of vulnerability scanning and network auditing. These tools also assist in overcoming weaknesses in the network by suggesting…

Vulnerability Scoring System

Vulnerability Scoring System – Vulnerability scoring systems and vulnerability databases are used by security analysts to rank information system vulnerabilities, and to provide a composite score of the overall severity and risk associated with identified vulnerabilities. Vulnerability databases collect and maintain information about various vulnerabilities present in information systems. This section discusses the Common Vulnerability Scoring System (CVSS), and vulnerability databases like Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD). Vulnerability Scoring System Common Vulnerability Scoring System (CVSS) Source: First Org CVSS is a published standard that…

Working of Vulnerability Scanning?

Working of Vulnerability Scanning? – Any organization needs to handle and process large volumes of data in order to carry out business. These large volumes of data contain the information of that particular organization, to which unauthorized users are denied access. Attackers try to find certain vulnerabilities that they can exploit and use those to gain access to the critical data for illegal purposes. Vulnerability analysis performs a study on the risk-prone area of the organizational network. This analysis is done using various tools. The vulnerability analysis reports on…

What is Vulnerability Assessment?

What is Vulnerability Assessment? – Vulnerability Assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. A vulnerability assessment scans networks for known security weaknesses. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels. It also assists security professionals in securing the network by determining security loopholes or vulnerabilities in the current security mechanism before the bad guys can exploit them. A vulnerability assessment may be used to: Identify weaknesses that could be exploited Predict…

Classification of Vulnerability?

Classification of Vulnerability? – In a network there are generally two main causes for systems being vulnerable: software or hardware misconfiguration and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources. Classification of Vulnerability? Vulnerabilities present in a system or network are classified into the following categories: Misconfiguration Misconfiguration is the most common vulnerability that is mainly caused by human error, which allows attackers to gain unauthorized access to the system. This may happen intentionally or unintentionally affecting web servers, application platform, database…

What is NTP Enumeration?

What is NTP Enumeration? – Network Time Protocol (NTP) is designed to synchronize clocks of networked computers. It uses UDP port 123 as its primary means of communication. NTP can maintain time to within 10 milliseconds (1/100 seconds) over the public Internet. It can achieve accuracies of 200 microseconds or better in local area networks under ideal conditions. An attacker queries an NTP server to gather valuable information such as: List of hosts connected to the NTP server; Client IP addresses in a network, their system names and OSs; Internal IPs can also be…

What is LDAP Enumeration?

What is LDAP Enumeration? – Lightweight Directory Access Protocol (LDAP) is an Internet Protocol for accessing distributed directory services. Directory services may provide any organized set of records, often in a hierarchical and logical structure, such as a corporate email directory. A client starts an LDAP session by connecting to a Directory System Agent (DSA) on TCP port 389 and then sends an Operation request to the DSA. Information is transmitted between the client and the server using Basic Encoding Rules (BER). Attackers query the LDAP service to gather information such…

Top Five Footprinting Tool?

Top Five Footprinting Tool? – Attackers are aided in footprinting with the help of various tools. Many organizations offer tools that make information gathering an easy task. This section describes tools intended for obtaining information from various sources. Footprinting tools are used to collect basic information about the target systems in order to exploit them. Information collected by the footprinting tools includes the target’s IP location information, routing information, business information, address, phone number and social security number, details about a source of an email and a file, DNS information, domain…
