Student Work

Kernel Integrity Analysis

Public

Downloadable Content

open in viewer

Rootkits are dangerous and hard to detect. A rootkit is malware specifically designed to be stealthy and maintain control of a computer. Existing detection mechanisms are insufficient to reliably detect rootkits, due to fundamental problems with the way they operate. This MQP has two major contributions. The first is a Red Team analysis of WinKIM, a rootkit detection tool. The analysis shows my attempts to find flaws in WinKIM's ability to detect rootkits. WinKIM monitors a subset of Windows data structures; I show that this set is insufficient to detect all possible rootkits. The second is the enumeration of data structures in the Windows kernel which can be targeted by a rootkit. These structures are those which a detector would have to measure in order to detect any rootkit.

  • This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.
Creator
Publisher
Identifier
  • E-project-102715-205100
Advisor
Year
  • 2015
Center
Sponsor
Date created
  • 2015-10-27
Resource type
Major
Rights statement

Relations

In Collection:

Items

Items

Permanent link to this page: https://digital.wpi.edu/show/9s1617551