My ideas and (maybe) future to-dos, etc.
- Hash Function Modifier
  - Hash functions are crucial in infosec, but what if a rootkit controls what comes out? This sounds like a simple "just replace the checksum application with a modified version that has some secret" (e.g. feed in abc123 and it will output the same value as the hash of 321bca). Imagine (roughly speaking) a rootkit that hooks the call to the "checksum" app (therefore not modifying it) and changes (i.e. replaces) the output.
  - Why? I do not see any such rootkit out on the net. If there already is one, please post an issue or a pull request! 👍🏻
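A defender's cross-check for the Hash Function Modifier scenario, as an added example that is not part of this repository: it compares the digest a checksum tool reports against a known-answer vector and against an in-process SHA-256. The names `check_tool`, `sha256sum_tool`, `honest_tool`, `tampered_tool` and the sample data are assumptions made up for the illustration.

```python
import hashlib
import subprocess
import tempfile

# Known-answer vector: SHA-256("abc") from the FIPS 180 test vectors.
KAT_INPUT = b"abc"
KAT_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

def sha256sum_tool(data: bytes) -> str:
    """Digest as reported by the external sha256sum binary (assumed on PATH)."""
    with tempfile.NamedTemporaryFile() as f:
        f.write(data)
        f.flush()
        out = subprocess.run(["sha256sum", f.name], capture_output=True,
                             check=True, text=True).stdout
    return out.split()[0].lower()

def check_tool(samples, tool=sha256sum_tool):
    """Return (label, expected, reported) for every digest the tool gets wrong."""
    findings = []
    # 1. Known-answer test: catches blanket tampering with the tool's output.
    reported = tool(KAT_INPUT)
    if reported != KAT_SHA256:
        findings.append(("known-answer", KAT_SHA256, reported))
    # 2. Cross-check: an independent in-process digest catches input-specific swaps.
    for label, data in samples:
        expected = hashlib.sha256(data).hexdigest()
        reported = tool(data)
        if reported != expected:
            findings.append((label, expected, reported))
    return findings

# Constructed stand-ins for the external tool, so the check runs offline.
def honest_tool(data):
    return hashlib.sha256(data).hexdigest()

def tampered_tool(data):
    # Models the scenario above: abc123 is reported with the hash of 321bca.
    if data == b"abc123":
        data = b"321bca"
    return hashlib.sha256(data).hexdigest()

SAMPLES = [("sample-1", b"abc123"), ("sample-2", b"hello world\n")]  # constructed

if __name__ == "__main__":
    for label, expected, reported in check_tool(SAMPLES, tampered_tool):
        print(f"MISMATCH {label}: expected {expected}, tool reported {reported}")
```

Run the comparison from a trusted host or boot medium where possible, since a check executed on the suspect system depends on that system's own Python and libraries being intact.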
- Random Number Generator Modifier
  - The name says it all: modify the randomness to be predictable in some way, e.g. by XORing it with a certain value (given on the command line when loading the rootkit), so that all randomness will be predictable by XORing with that value.