CWPP Demo – SentinelOne VS Diamorphine rootkit, XMRig (a cryptominer)
In this video, we showcase Singularity™ Cloud’s extended visibility and capabilities. This demonstration shows Singularity™ Cloud detecting and defending against the Diamorphine rootkit, XMRig (a cryptominer), and the spawning of a reverse shell. Singularity™ Cloud protects cloud workloads running in Kubernetes from runtime threats and active exploitation. This scenario is an example of malware deployment (with persistence) through a command injection attack.
Terms:
Command Injection – An attacker can trick a vulnerable application into running arbitrary commands in the security context of the vulnerable application.
DVWA – “Damn Vulnerable Web Application” – an open-source platform for testing and observing common web vulnerabilities.
XMRig – commodity cryptomining software that, when deployed by an attacker, hijacks a host’s compute resources to mine cryptocurrency.
Diamorphine – an open-source kernel-level rootkit. Diamorphine is supported on multiple Linux kernels, as well as cloud workload environments. The Diamorphine rootkit is utilized by multiple threat actors/groups.