#rootkits

2026-02-16

How rootkits work and whether they can be countered, using Singularity as an example

Hi everyone. While experimenting with persistence techniques on Linux systems as part of developing my own security monitoring system, I came across the open-source rootkit Singularity. I found it very interesting because it uses a large number of methods to hide itself from detection, and the open source code makes it possible to study these methods thoroughly. In this article I will describe in detail the approaches rootkits use to gain persistence on Linux systems, using Singularity as an example.

habr.com/ru/articles/996568/

#rootkit #rootkits #руткиты #руткит #ядро_linux #мониторинг #ebpf #обнаружение_атак #информационная_безопасность #защита_сервера

Kevin Karhan :verified: kkarhan@infosec.space
2025-11-17

@emilyyoung @ShadSterling nods in agreement

From experience the most problematic are early #Windows games from 1995-2005 with like very old DirectX versions or cursed setups where the game is #32bit but the #Installer is #16bit. (i.e. #PizzaSyndicate).

  • Granted those games won't even install on #64bit - Windows machines anyway so they ain't smooth at all.

And whilst dedicated folks like @fuchsiii work on fixing these issues, we can all agree that people who play #Games that old may already have some dedicated, legacy hardware at their disposal and wouldn't mind stuff like virtualization with passthrough to old PCI(e)-GPUs for their singleplayer games.

  • Obviously I'd prefer more #native #Linux #games but unless they want to statically compile the game with all dependencies into one AppImage that's more daunting than #ProtonGE / #DXVK support.

Still, #LinuxGaming has come a long way since the days when I had to manually shove DirectX, .net Runtime, ms-corefonts and Gecko (as Internet Explorer replacement) into Wine and manually force Windows-#Steam to launch...

Kevin Karhan :verified: kkarhan@infosec.space
2025-11-15

@emilyyoung precisely that, because #Linux will win long-term just by not #Enshittifying and just treating users better

  • This isn't even like a hypothetical…

Also #LinuxGaming these days is easier, faster, less stressful and just overall better not just because #Valve actually cares, but because #developers and #maintainers of distros and the Linux community do.

  • The only pain points are some quirky games released ca. 1995-2005 that didn't see widespread popularity and need tweaks in #Wine & #DXVK to run at all (as @fuchsiii is dabbling with those) and #malware-laced crap under false pretenses like "#ClientSideAnticheat" that is specifically designed to not work on #Linux with #rootkits not dissimilar from #StarFORCE!

youtube.com/watch?v=p-wyIalhdPU video via #MVG

2025-10-21

"#Hackers Deploy #Linux #Rootkits via #Cisco #SNMP Flaw in 'Zero Disco' Attacks"

thehackernews.com/2025/10/hack

In all my years in cybersecurity, I've always felt SNMP was not a good idea & should be turned off.
I know many network admins will dislike me saying that but I always turn it off.
Even the version with tacked on security #SNMPv3 has had #Vulnerabilities & many places run older SNMP & not v3.
I feel maybe it's time for something new.

#CyberSecurityNews #CyberSecurity #TechNews #Networking

A hyper‑realistic CGI render of a Cisco network switch in a dark server room. The switch rests on a reflective black surface, its metallic chassis glowing with cool blue LEDs. One Ethernet port is corrupted, spilling a thick, molten red ooze that drips down and pools below, casting a fiery glow across the front panel. Subtle glowing cracks radiate outward from the infected port. Above it, a cyan holographic projection displays “CVE‑2025‑20352” inside a futuristic circular HUD with concentric rings and scan‑line shimmer. The background shows blurred racks and faint blue ambient light, contrasting sharply with the vivid red infection.
cathill cathill
2025-10-05
∂𑁨í 🕊 d2i@mk.phreedom.club
2025-10-01

#ghostscan
A modern, Rust-powered
#Linux #scanner that unmasks hidden #rootkits, stealthy #eBPF tricks, and ghost processes in one fast sweep (45+ scanners)
https://github.com/h2337/ghostscan

Kevin Karhan :verified: kkarhan@infosec.space
2025-09-17

@technadu After #CrowdStroke it should be clear that #CrowdStrike isn't a "trustworthy brand"...

  • Granted everyone who thinks 3rd party #rootkits like CrowdStrike in a #CCSS #Govware masquerading as an #OS (#windows) is a valid security strategy should not be trusted even with a light switch or plastic fork.

also #npm sucks!

EuskalHack euskalhack
2025-06-20

Don't blink if you don't want to miss it! Stephan Berger talks to us about "In-Depth Study Of Linux Rootkits: Evolution, Detection, And Defense" @malmoeb

2025-06-04
Verfassungklage@troet.cafe
2025-04-25

Invisible #Rootkits:

"Blind spot" in #Kernel interface threatens #Linux systems.

Many #security tools monitor system calls to detect #malware. On #Linux, however, there is an alternative that is often completely overlooked.

#Researchers at #Armo have uncovered a #security problem involving a #Linux kernel interface called io_uring.

golem.de/news/unsichtbare-root

Schneier on Security RSS Schneier_rss@burn.capital
2025-04-24

New Linux Rootkit

Interesting:
The company has released a working rootkit called “Curing” that uses io_uring, a feature built into t... schneier.com/blog/archives/202

#Uncategorized #rootkits #Linux

⚠️ It may seem that #rootkits golden age has passed, but they are still present and dangerous.
Keep in mind what they are and how not to let them into your system.
🎯 Learn more & collect #IOCs: any.run/malware-trends/rootkit

#infosec #cybersecurity

Rene Robichaud nerowild
2025-01-14
🤍🌈Anonymous Fenix❤️‍🔥🏴‍☠️ anonfenix@kolektiva.social
2025-01-08

#Anonymous #RootKits #CyberHunters #L3G10N #OpVenezuela re-engage...! Let's go #AnonFamily #ShareIt! We're coming for you, Maduro, dictator! 🔥🔥🔥🏴‍☠️⚡💜

Kevin Karhan :verified: kkarhan@infosec.space
2024-08-08

@marcel @Kensan @adfichter the only effective #consequence is to consistently refuse such #Govware as an #operating system and not to use #Scareware with #Rootkits!

  • In case of doubt, #security should be provided and verifiable by the #maintainer of the operating system / distribution, and if they offer no liability for it, they are to be disqualified for it.

It's that simple!

Steven Saus [he/him] StevenSaus@faithcollapsing.com
2024-07-31

From 25 Jul: Secure Boot is completely broken on 200+ models from 5 big device makers - In 2012, an industry-wide coalition of hardware... arstechnica.com/security/2024/ #biz-&-it #cryptography #features #key-compromise #rootkits #secure-boot #security #supply-chain #uefi #unified-extensible-firmware-interface

Kevin Karhan :verified: kkarhan@infosec.space
2024-07-29

@theregister that's not enough!

#Microsoft must #ban #Rootkits / #Bootkits and #Kernel-level #drivers entirely or #Windows will get banned amidst its unfixable security!
