CoreTrace Whitepaper: Combating Buffer Overflows and Rootkits

COMBATING BUFFER OVERFLOWS AND ROOTKITS
BOUNCER by CoreTrace Defeats Cybercriminals
JUNE 2008

CoreTrace Corporation
6500 River Place Blvd., Building II, Suite 105, Austin, TX 78730
512-592-4100 | [email protected]

Buffer overflow + rootkit is the #1 combo meal on the cybercrime menu: a buffer overflow provides the way in, and a rootkit provides the way to stay in (and to invite some friends in too). An endpoint won't get fries with that, but if it is not protected with Endpoint Security v2.0 it may get Trojans, keyloggers, backdoors, installation routines, network sniffers, etc. (do be concerned with what may be hiding in that "etc."). The best part, and the reason this technique is so popular, is that the endpoint is not aware that it has ingested anything. Rootkits are a MacGyver-worthy mashup of Swiss Army knife + Hydra + The Invisible Man; "the best defense is a good offense" was never more apropos. Not only is it difficult to know that a rootkit has control of an endpoint; even once it is known, the rootkit is not easily removed. The key to not allowing a rootkit to establish itself in an endpoint is to not allow a rootkit to establish itself in an endpoint: just say no. The only way to do that is with Endpoint Security v2.0.

CONTENTS

1  OVERVIEW
1  2008 FORWARD: TORNADO WARNING IN EFFECT
     Inside the Cybercrime Tornado
     Seeding the Clouds
     Endpoint Security v1.0 vs. v2.0: Who'll Stop the Rain?
6  CYBERCRIME AT-A-GLANCE
     Cybercrime Tools and Techniques
     Cybercrime Levels of Threat
11 BUFFER OVERFLOW + ROOTKIT
     Access Vector: Buffer Overflow Used to Inject Code
     Payload: Rootkit Used to Obtain and Retain Control
12 ENDPOINT SECURITY v2.0
     Endpoint Security v1.0 vs. v2.0
     BOUNCER by CoreTrace™
15 SUMMARY

Author: coretrace-corporation

Post on 01-Nov-2014

Whitepaper Abstract

Some malware threats are simply nuisances, and then there are truly dangerous and malicious ones. In the latter category, buffer overflow attacks and rootkits are the favorites of professional hackers. Often they are used in tandem, with a buffer overflow providing the way in and a rootkit providing a highly stealthy way to stay in. This whitepaper explains these two threats and why traditional security approaches have been largely ineffective against them. The paper then outlines how Endpoint Security 2.0 solutions using kernel-level application whitelisting can effectively neutralize the threats and provide greater peace of mind.