
I'm investigating the state of my MacBook Pro which I know was compromised, and


Question

I'm investigating the state of my MacBook Pro which I know was compromised, and do not know if I removed the exploits completely (and I realize, technically, I will never know this). I'm trying to hone in on specific exploits, not expecting to prove they don't exist, but in any case where I can prove that they do, that can help me decide on various courses of action, from basic remediation to replacing the whole system in the most extreme case.

Looking for briefest answers, here are some starting questions I have:

What are the common vectors for installing rootkits? (And if I understand correctly, this would include MBR as well as BIOS? So same question for each.)

How common are rootkits that survive OS reinstall (and are these limited to BIOS, or can MBR infections achieve this?)

How common are USB key infections? I know many government agencies have had policies for a few years now of not allowing employees to even use USB keys on their machines, but these are high security settings.

If there's a concern about attacks that are unknown to commercial AV tools, would commercial tools still be useful in detecting a rootkit from a fresh OS install? E.g. detecting unexpected network traffic as it tries to download additional malware?

On a previously compromised machine, is there really any hope of detecting a keylogger? I am suspecting not (unless it is a very poorly written keylogger, or one already known to AV software).

On all of these, I can post single questions for more detail; I'm just trying to figure out which things to explore first, and which are dead-ends.

Explanation / Answer

Mainly by hooking the system calls. I suggest you read a book about this because I cannot cover it all here. I suggest: Practical Malware Analysis and The Rootkit Arsenal.

Depends on the rootkit. Read The Rootkit Arsenal for details.

Not every rootkit is delivered using USB. Some can use your email attachments, a 0-day vulnerability in your browser, etc.

They are called 0-day exploits/vulnerabilities. Security engineers are working on detecting those using a technique called behavioral malware analysis. It is a cat-and-mouse game.

A real hacker (not a script kiddie) would make his/her attack persistent. The first thing to do is kill any AV.
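The answer points at behavioral analysis, and the question asks whether unexpected network traffic from a fresh install is worth watching for. Below is an added example (not part of the original question or answer) of the simplest form of that check: a Python script that reads a log of new outbound connections and flags (a) executables talking to the network from outside the locations a clean macOS install would launch them from, and (b) process/destination pairs that connect at a nearly constant interval, which is what a beaconing implant looks like. The log format, the trusted-path list, the hosts and the "updater" binary are all constructed for the example and are not from the page.

```python
"""Behavioral triage of outbound connections: flag binaries running from
unexpected locations and connections that beacon at a steady interval.
Added example; the log format, paths and hosts below are constructed."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in a simple "timestamp exe pid remote" format, one line
# per new outbound TCP connection, as you might assemble from periodic
# `lsof -i -nP` snapshots or from a capture taken on a separate monitoring host.
SAMPLE_LOG = """\
2024-05-01T10:00:00 /usr/libexec/trustd 412 17.253.144.10:443
2024-05-01T10:00:02 /Applications/Safari.app/Contents/MacOS/Safari 901 151.101.1.69:443
2024-05-01T10:00:05 /Users/alice/Library/.cache/updater 1337 203.0.113.7:8443
2024-05-01T10:00:40 /Applications/Safari.app/Contents/MacOS/Safari 901 104.16.0.5:443
2024-05-01T10:01:05 /Users/alice/Library/.cache/updater 1337 203.0.113.7:8443
2024-05-01T10:02:04 /Users/alice/Library/.cache/updater 1337 203.0.113.7:8443
2024-05-01T10:03:06 /Users/alice/Library/.cache/updater 1337 203.0.113.7:8443
2024-05-01T10:03:10 /Applications/Safari.app/Contents/MacOS/Safari 901 151.101.1.69:443
2024-05-01T10:04:05 /Users/alice/Library/.cache/updater 1337 203.0.113.7:8443
"""

# Locations a fresh macOS install is expected to launch network-active code
# from. This list is an assumption for the example; build it from your own
# clean-install baseline.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")


@dataclass(frozen=True)
class Conn:
    when: datetime
    exe: str
    pid: int
    remote: str


def parse_log(text: str) -> list[Conn]:
    """Parse the four-column format above; blank or malformed lines are skipped."""
    conns: list[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        when, exe, pid, remote = parts
        conns.append(Conn(datetime.fromisoformat(when), exe, int(pid), remote))
    return conns


def find_unexpected_binaries(conns: list[Conn]) -> set[str]:
    """Executables that opened connections from outside the trusted prefixes."""
    return {c.exe for c in conns if not c.exe.startswith(TRUSTED_PREFIXES)}


def find_beacons(conns: list[Conn], min_events: int = 4,
                 max_cv: float = 0.1) -> dict[tuple[str, str], float]:
    """Return (exe, remote) pairs whose inter-connection gaps are nearly
    constant: at least `min_events` connections and a coefficient of
    variation (stdev / mean of the gaps) at or below `max_cv`. The value is
    the mean gap in seconds."""
    by_key: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for c in conns:
        by_key[(c.exe, c.remote)].append(c.when)
    beacons: dict[tuple[str, str], float] = {}
    for key, times in by_key.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = avg
    return beacons


def triage(text: str) -> dict:
    """Run both checks over a connection log and return the findings."""
    conns = parse_log(text)
    return {
        "unexpected_binaries": find_unexpected_binaries(conns),
        "beacons": find_beacons(conns),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for exe in sorted(report["unexpected_binaries"]):
        print(f"unexpected binary: {exe}")
    for (exe, remote), avg in report["beacons"].items():
        print(f"beacon: {exe} -> {remote} every ~{avg:.0f}s")
```

One caveat that follows directly from the answer's point about hooking the system calls: a kernel-level rootkit on the suspect machine can hide its own sockets from `lsof`, `netstat` and anything else that asks the kernel, so a log gathered on that host proves little. Gather the connection records from a different machine (a router, a mirror port, or a second laptop capturing on the same network) and the host's own hooks no longer matter.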
