GIAC
GCIH · Question #603
How could an attacker insert malware into the kernel of a Windows system?
The correct answer is C. By altering the file Ntoskrnl.exe and the NTLDR. One of the methods for manipulating the Kernel is by replacing or patching the kernel image file on the hard disk itself. After the system restart the malicious Kernel will be loaded into the
Malware Analysis & Advanced Persistent Threats
Question
How could an attacker insert malware into the kernel of a Windows system?
Options
- ABy altering the kernel file sysLinux and changing file attributes to read write
- BBy installing and executing a remote listener on the target system
- CBy altering the file Ntoskrnl.exe and the NTLDR
- DBy altering the file nt.dll and including it in the executable path
How the community answered
(27 responses)- A4% (1)
- B11% (3)
- C81% (22)
- D4% (1)
Explanation
One of the methods for manipulating the Kernel is by replacing or patching the kernel image file on the hard disk itself. After the system restart the malicious Kernel will be loaded into the
Topics
#kernel rootkit#Ntoskrnl.exe#Windows internals#malware persistence
Community Discussion
No community discussion yet for this question.