Monthly Archives: February 2018

The Corporate World has no understanding of real Hackers – Windows Rootkits? Really?

The hubris of corporate security professionals and the arrogance of white hat hackers have always been mocked by real hackers. Supposedly, school and certification training will teach you everything you need to know about hacking, security, defense and how the “script kiddies” operate.

There is such a disconnect between the real hacking world and the security community that it amuses me greatly. Having previously been a true blackhat hacker, paid to DDoS entire country uplinks or to discreetly take out the competitors of major corporations and leak customer and other protected information to those undisclosed corporations, I speak from experience.

Real hackers DO NOT hack Windows. They trade root lists and shells, zero-day exploits, scanners and auto-rooters that the rest of the world is oblivious to. Windows hosts they infect for money, to use as proxy servers for hiding their identities, and for stealing credentials and personal information; that is about it.

When I was in the game I used Windows hosts to steal their owners' ISP login information and credentials for websites they were members of. The game is about hacking infrastructure: *nix servers, Cisco/Brocade routers, maintaining access, pivoting, compromising enclaves and sniffing all traffic crossing the wire. Hackers do not care about home PC users, regardless of what the AV companies want you to believe. Crimeware actors care about Windows machines because they see dollar signs; hackers would be mocked and discredited if they bragged about hacking a Windows box.

For starters, hackers created rootkits to trojan the userland tools an admin would use to spot an intruder on a Unix server, such as ps, netstat and lsof, and to scrub the utmp/wtmp login records, in order to hide, preserve access and cover themselves against log analysis. To install one you would have had to have rooted the server first, and the "root" in rootkit refers to exactly that account. A root account exists on *nix hosts and on macOS (itself a Unix), but not on Windows, where the built-in superuser is Administrator. That is why it amuses hackers when the corporate security and commercial world talks about "rootkiting" Microsoft Windows hosts: the word has been stretched into a generic label for any malware that hides itself, including kernel-mode drivers on Windows, rather than the Unix root-preserving toolkit it originally named.
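The classic check against a trojaned ps or a hooked readdir(), as an added example that is not from the original post: take a process view the rootkit cannot easily lie about (probing every PID with the kill(2) null signal, then confirming each hit through /proc/PID/status, which is read with open()/read() rather than the readdir() that LD_PRELOAD rootkits hook) and diff it against what the ps binary admits to. The function and file names are this example's own; a process that exits between the two snapshots is re-checked so it is not reported as hidden.

```python
"""Cross-check process views to spot a trojaned ps or a hooked readdir().

Added example; not code from the post above. Assumes a Linux-style /proc for
the Tgid confirmation step (it degrades gracefully without one).
"""
import os
import subprocess
from typing import Callable, Iterable, Optional, Set


def _alive(pid: int) -> bool:
    """kill(pid, 0) sends no signal: ESRCH means no such process, EPERM means it exists but is not ours."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def _is_process(pid: int) -> bool:
    """True when pid is a thread-group leader (a real process, not a thread ID),
    checked by reading /proc/<pid>/status rather than listing /proc."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return True  # no /proc view available to disprove it; keep the candidate
    return True


def pids_from_proc() -> Set[int]:
    """The view a hooked readdir()/getdents() can lie about."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_kill(pid_max: int, start: int = 1) -> Set[int]:
    """Brute-force PID existence through the kill syscall; userland rootkits rarely hook it."""
    return {pid for pid in range(start, pid_max + 1) if _alive(pid) and _is_process(pid)}


def pids_from_ps() -> Set[int]:
    """What the (possibly trojaned) ps binary reports."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def hidden_pids(ground_truth: Iterable[int], reported: Iterable[int],
                still_alive: Optional[Callable[[int], bool]] = None) -> Set[int]:
    """PIDs present in the trusted view but missing from the reported one.

    Each candidate is re-checked with still_alive so a process that simply exited
    between the two snapshots is not flagged as hidden.
    """
    check = still_alive or _alive
    return {pid for pid in set(ground_truth) - set(reported) if check(pid)}


def own_pid_visible() -> bool:
    """Sanity check: the brute-force view must at least contain this process."""
    pid = os.getpid()
    return pid in pids_from_kill(pid, start=pid)


if __name__ == "__main__":
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            pid_max = int(fh.read())
    except OSError:
        pid_max = 32768  # hypothetical fallback when /proc/sys is unavailable
    trusted = pids_from_kill(pid_max)
    for label, view in (("ps", pids_from_ps()), ("readdir(/proc)", pids_from_proc())):
        for pid in sorted(hidden_pids(trusted, view)):
            print(f"PID {pid} exists but is missing from {label}")
```

Run it as root so EPERM does not mask anything; a PID reported as missing from ps but present in the kill probe is exactly the signature of a trojaned ps or a hooked libc, and a PID missing from the readdir view but confirmed through /proc/PID/status points at the readdir hook itself. A kernel-mode rootkit that filters getdents and hooks kill inside the kernel defeats this check, which is why the userland version was never more than a first pass.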

Even the Microsoft site itself now describes rootkits this way:

https://www.microsoft.com/en-us/wdsi/threats/rootkits

“What is a rootkit?

Malware authors use rootkits to hide malware on your PC. Malware hidden by rootkits often monitor, filter, and steal your data or abuse your computer’s resources, such as using your PC for bitcoin mining.”
