nerdexam
GIAC

GCIH · Question #603

How could an attacker insert malware into the kernel of a Windows system?

The correct answer is C. By altering the file Ntoskrnl.exe and the NTLDR. One of the methods for manipulating the Kernel is by replacing or patching the kernel image file on the hard disk itself. After the system restart the malicious Kernel will be loaded into the

Malware Analysis & Advanced Persistent Threats

Question

How could an attacker insert malware into the kernel of a Windows system?

Options

  • ABy altering the kernel file sysLinux and changing file attributes to read write
  • BBy installing and executing a remote listener on the target system
  • CBy altering the file Ntoskrnl.exe and the NTLDR
  • DBy altering the file nt.dll and including it in the executable path

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    11% (3)
  • C
    81% (22)
  • D
    4% (1)

Explanation

One of the methods for manipulating the Kernel is by replacing or patching the kernel image file on the hard disk itself. After the system restart the malicious Kernel will be loaded into the

Topics

#kernel rootkit#Ntoskrnl.exe#Windows internals#malware persistence

Community Discussion

No community discussion yet for this question.

Full GCIH Practice