During a penetration test, you discover a stealth program that prevents file-integrity scanners from seeing certain malicious files by intercepting system calls inside the kernel. Which technique allows the malware to remain invisible?

- Injecting shellcode into user-mode libraries to confuse security tools
- Changing environment variables to redirect lookups to empty folders
- Erasing security audit logs after collection utilities finish
- Modifying the system call table so scanners never list specific objects

Answer: Modifying the system call table so scanners never list specific objects

Kernel-mode rootkits can hook or overwrite entries in the operating system's system-call table (on Windows, the System Service Descriptor Table, or SSDT) so that when security tools request directory or process listings, the rootkit returns falsified results that omit its own files and processes. Because this interception happens below user space, typical log reviews, environment-variable checks, or inspection of user-mode libraries will not reveal the hidden components; the other three tactics operate at higher layers, where their effects remain visible to tools that inspect those layers.