<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="margin:0px; font-size:14.67px; background-color:rgb(255,255,255)">Hello,</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<div style="margin:0px; font-size:12pt; background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:12pt; color:rgb(0,0,0)">
<div style="margin:0px; background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:12pt; color:rgb(0,0,0)"><span style="margin:0px; background-color:rgb(255,255,255); display:inline!important"></span>
<div style="margin:0px; background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:12pt; color:rgb(0,0,0)">
<div style="margin:0px; background-color:rgb(255,255,255)">
<div style="margin:0px; background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:12pt; color:rgb(0,0,0)">
<div style="margin:0px; background-color:rgb(255,255,255)">
<div style="margin:0px; color:black; background-color:rgb(255,255,255)">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black"><span style="margin:0px; background-color:white"></span>
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black">
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:15px; color:rgb(32,31,30); background-color:white">
<div style="margin:0px; font-size:12pt; color:black"><span style="margin:0px; background-color:white"></span>
<div style="margin:0px; background-color:white">
<div style="margin:0px; font-size:14.67px; background-color:white">I hope everyone is doing well!</div>
<div style="margin:0px; font-size:14.67px; background-color:white"><br>
</div>
<div style="margin:0px; font-size:14.67px; background-color:white">Below is the entry for today.</div>
<div style="margin:0px; font-size:14.67px; background-color:white"><br>
</div>
<div style="margin:0px; font-size:14.67px; background-color:white">12/08/2021 - Diary entry #367<br>
<br>
</div>
<blockquote style="font-size:14.67px; background-color:white; margin-top:0px; margin-bottom:0px">
Today we will continue our thread on Malware Types, started in Daily Diary #328, this time talking about Rootkits. By definition, a Rootkit is a piece of malware designed to enable access to a privileged area of a computer while masking its presence on the system, trying to evade
 detection by analysts and security software. Rootkits are often considered the most dangerous pieces of malware: when combined with Remote Access Trojan or Spyware capabilities, they become a very sophisticated espionage threat.
<div><br>
</div>
<div>Although Rootkits are generally associated with privilege escalation and gaining full control over a device ("root" access in the Linux/Unix operating system families), they can execute either in user-mode or in kernel-mode.</div>
<div><br>
</div>
<div>In user-mode (Ring 3), Rootkits execute with the same privileges as other user applications. In that case, they use techniques such as DLL Injection and API Hooking to intercept and modify the behavior of standard applications. On Windows, it is very common
 for a Rootkit to inject a DLL into other applications to exfiltrate credentials and even mask its own presence.</div>
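<div><br>
</div>
<div>Because an API hook has to divert control flow, it leaves a trace that a defender can look for: the first bytes of the hooked function in memory no longer match the same function in the module file on disk. The following is an added example, not code from the diary, that shows that comparison on constructed data. The byte strings, the load address and the function names ("ExampleApiA", "ExampleApiB") are all made up for the illustration; the pattern table covers the usual x86/x64 jump sequences.</div>

```python
"""Inline (prologue) hook check for a user-mode API hook.

A hooking rootkit usually overwrites the first bytes of an exported
function with a jump to its own code, so the function's prologue as mapped
in memory no longer matches the same bytes in the module file on disk.
Comparing the two views is a classic way to spot it.

Added example, not code from the diary. Every byte string here is
CONSTRUCTED sample data, not captured from a real system, and the
function names ("ExampleApiA"/"ExampleApiB") are hypothetical."""

from typing import Optional

# Control-flow diversions commonly written over an x86/x64 prologue
# (opcode prefix -> description).
TRAMPOLINE_PATTERNS = {
    b"\xe9": "jmp rel32",
    b"\xff\x25": "jmp [rip+disp32]",
    b"\x48\xb8": "mov rax, imm64 (usually followed by jmp rax)",
    b"\x68": "push imm32 (usually followed by ret)",
}


def classify_trampoline(mem: bytes) -> Optional[str]:
    """Name the diversion at the start of `mem`, or None if it is not one we know."""
    for prefix, desc in TRAMPOLINE_PATTERNS.items():
        if mem.startswith(prefix):
            return desc
    return None


def jmp_rel32_target(func_addr: int, mem: bytes) -> Optional[int]:
    """For an E9 rel32 jump placed at func_addr, compute where it lands."""
    if len(mem) < 5 or mem[0] != 0xE9:
        return None
    rel = int.from_bytes(mem[1:5], "little", signed=True)
    return (func_addr + 5 + rel) & 0xFFFFFFFFFFFFFFFF


def detect_inline_hook(name, disk_bytes, mem_bytes, func_addr=0, window=16):
    """Compare the first `window` bytes of both views and describe any divergence."""
    disk, mem = disk_bytes[:window], mem_bytes[:window]
    if disk == mem:
        return {"function": name, "hooked": False}
    first_diff = next(i for i, (a, b) in enumerate(zip(disk, mem)) if a != b)
    return {
        "function": name,
        "hooked": True,
        "first_diff_offset": first_diff,
        # None here means "modified, but not a jump pattern we know": still suspicious
        "trampoline": classify_trampoline(mem),
        "jmp_target": jmp_rel32_target(func_addr, mem),
    }


def scan_module(func_views):
    """func_views maps function name -> (address in memory, disk bytes, memory bytes)."""
    return [detect_inline_hook(n, d, m, a) for n, (a, d, m) in func_views.items()]


# CONSTRUCTED sample: a typical x64 syscall-stub prologue
# (mov r10, rcx; mov eax, 0x5a; syscall; ret; int3 padding) as it is on disk...
CLEAN_STUB = bytes.fromhex("4c8bd1b85a0000000f05c3" + "cc" * 5)
# ...and the same stub after a hooking engine planted "jmp rel32 +0x1000" over it.
HOOKED_STUB = b"\xe9\x00\x10\x00\x00" + CLEAN_STUB[5:]
SAMPLE_BASE = 0x7FF81A2B3000  # constructed load address of ExampleApiA

SAMPLE_MODULE = {
    "ExampleApiA": (SAMPLE_BASE, CLEAN_STUB, HOOKED_STUB),
    "ExampleApiB": (SAMPLE_BASE + 0x20, CLEAN_STUB, CLEAN_STUB),
}

if __name__ == "__main__":
    for r in scan_module(SAMPLE_MODULE):
        if r["hooked"]:
            target = f"{r['jmp_target']:#x}" if r["jmp_target"] is not None else "n/a"
            print(f"{r['function']}: prologue differs at +{r['first_diff_offset']}, "
                  f"{r['trampoline']}, target {target}")
        else:
            print(f"{r['function']}: clean")
```

<div>Treat a mismatch as a lead, not a verdict: security products hook the same APIs for legitimate monitoring, and on 32-bit modules a relocated absolute address can legitimately differ from the file image. The useful signal is where the jump lands; a trampoline into an unsigned, unbacked memory region is what deserves attention.</div>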
<div><br>
</div>
<div>Kernel-mode (Ring 0) is where you find the most sophisticated Rootkits. In this case, they generally need to abuse a very sensitive vulnerability that allows them to execute arbitrary code in the kernel, or to install a kernel driver. Kernel-mode Rootkits
 are the most dangerous and are much harder to detect and remove once they complete their infection process. When executing in the kernel, they can completely mask their execution and run with more privilege than anything else in the system, which allows them
 to disable security solutions, hide their files and bypass access-control mechanisms.</div>
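<div><br>
</div>
<div>The hiding described above is usually found by cross-view comparison: ask the kernel for the same information through two different paths and diff the answers, since a rootkit that filters one path often forgets the other. The following is an added example, not code from the diary, that applies this to processes on Linux. It assumes a procfs mounted at /proc and POSIX kill(2) semantics; the PID sets in its self-check come from the machine it runs on.</div>

```python
"""Cross-view process enumeration for Linux.

View 1 is the /proc directory listing, which is what ps and top read and
which a rootkit most often filters. View 2 asks the kernel about each PID
directly with signal 0. A PID that answers the probe but is missing from
/proc is a candidate hidden process.

Added example, not code from the diary. Linux-only assumptions: a procfs at
/proc and POSIX kill() semantics (on Windows os.kill() terminates the
target, so the probe is guarded)."""

import os

PROC = "/proc"


def list_proc_pids():
    """View 1: numeric entries of /proc."""
    try:
        return {int(e) for e in os.listdir(PROC) if e.isdigit()}
    except FileNotFoundError:
        return set()


def read_pid_max(default=32768):
    """Upper bound for the probe; modern kernels allow up to 4194304."""
    try:
        with open(f"{PROC}/sys/kernel/pid_max") as f:
            return int(f.read())
    except (OSError, ValueError):
        return default


def probe_pids(max_pid):
    """View 2: does the kernel say this PID exists?
    Signal 0 delivers nothing. EPERM (PermissionError) still means it exists."""
    assert os.name == "posix", "POSIX kill(2) semantics required"
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)
        else:
            alive.add(pid)
    return alive


def hidden_candidates(listed, probed):
    """PIDs the kernel confirms but the directory listing does not show."""
    return probed - listed


def confirm_hidden(candidates):
    """Remove races: a process that started between the two views now has a
    /proc entry, and one that exited no longer answers the probe."""
    confirmed = set()
    for pid in candidates:
        if os.path.isdir(f"{PROC}/{pid}"):
            continue  # it simply appeared after the listing was taken
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue  # it exited after the probe
        except PermissionError:
            pass  # exists, just not ours
        confirmed.add(pid)
    return confirmed


def find_hidden_processes():
    listed = list_proc_pids()
    probed = probe_pids(read_pid_max())
    return sorted(confirm_hidden(hidden_candidates(listed, probed)))


def self_check():
    """Our own PID must be visible in both views; trivially True without /proc."""
    if os.name != "posix" or not os.path.isdir(PROC):
        return True
    me = os.getpid()
    return (me in list_proc_pids()
            and me in probe_pids(me)
            and confirm_hidden({me}) == set())


if __name__ == "__main__":
    hidden = find_hidden_processes()
    print("hidden PID candidates:", hidden if hidden else "none")
```

<div>With pid_max at its modern maximum the probe takes a few seconds, which is acceptable for an on-demand check. A kernel-mode Rootkit that hooks both the directory read and kill() defeats this particular pair of views; that is why dedicated tools compare several independent views (process table, scheduler state, socket owners), and why a PID that survives confirm_hidden is a lead to investigate on an isolated copy of the disk, not a final verdict.</div>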
<div><br>
</div>
Luckily, Ring 0 Rootkits are much harder to develop, and since they need critical vulnerabilities to escalate to the kernel, keeping your systems patched and up to date is a must to protect against this kind of threat. When Rootkit-like malware
 is detected, the recommended course of action is to consider the whole perimeter as infected, preferably reinstalling the Operating System completely on all machines that could be affected.
<div style="margin:0px"><br>
</div>
</blockquote>
<span style="margin:0px; font-size:14.67px; background-color:white">Kind Regards,</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div id="Signature">
<div>
<div></div>
<div></div>
<div></div>
<div></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<table style="font-family:'Times New Roman'; font-size:medium; text-align:start">
<tbody>
<tr>
<td width="180" align="left" style="width:180px">
<table width="120" align="left">
<tbody>
<tr>
<td colspan="3" align="center"><a href="https://www.appgate.com/"><img alt="" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>
</tr>
<tr>
<td colspan="3" align="center"> </td>
</tr>
<tr>
<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/"><img width="18" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>
<td width="28%"><a href="https://twitter.com/AppgateSecurity"><img width="20" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>
<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ"><img width="26" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>
</tr>
</tbody>
</table>
<p style="margin-top: 0px; margin-bottom: 0px;"> </p>
</td>
<td width="350" colspan="2" rowspan="2" style="width:350px">
<p style="margin-top: 0px; margin-bottom: 0px;font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
<strong>Felipe Duarte Domingues</strong><br>
Security Researcher<br>
<strong>Appgate</strong></p>
<p style="margin-top: 0px; margin-bottom: 0px;font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
E:<span> </span><font color="#228ebe"><a href="mailto:felipe.duarte@appgate.com" title="mailto:felipe.duarte@appgate.com">felipe.duarte@appgate.com</a></font><br>
O: <span style="background-color:rgb(255,255,255); display:inline!important">+55 19 98840 2509</span></p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
</div>
</div>
</body>
</html>