by cobbzilla
3613 days ago
I understand that once a rootkit is installed, all bets are off. I was wondering if the syscalls by which the rootkit gets installed will be obfuscated to make them look more like a benign/normal process, and evade detection by a malware-syscall-pattern-recognizer. Or are some malware syscall patterns essentially "unhideable"?

Will they work? Maybe: https://web.cs.dal.ca/~zincir/bildiri/pst08-gn.pdf
Disclaimer: I was one of Anil Somayaji's grad students at one point in the not so distant past.