The main purpose of a rootkit is to hide malicious activity so the attacker can keep persistent, stealthy access. A user-mode rootkit does this by modifying or replacing legitimate system binaries (e.g., ls, ps, netstat) so they no longer report the attacker's files, users, processes, or network connections; a kernel-mode rootkit achieves the same effect by hooking system calls or kernel data structures, so even unmodified binaries return a filtered view. In both cases the objective is concealment, not the initial compromise.
The CEH v13 Official Courseware (Study Guide) states:
“Rootkits are stealthy programs designed to conceal the existence of other malicious processes or programs by replacing legitimate operating system utilities and binaries. This makes detection and removal extremely difficult.”
Incorrect Options:
A: This is a backdoor’s behavior.
B: A buffer overflow is a method of exploitation, not the rootkit’s purpose.
D: Refers to a backdoor or vulnerability, not a rootkit’s core function.
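The following is an added example, not part of the original question or the CEH courseware. It models what a user-mode rootkit's replaced ps does to its output, then shows the cross-view check a responder uses to catch it: read PIDs straight from /proc (a raw view the trojaned ps binary cannot filter) and compare them with what ps reports. The sample ps listing, the process name "cryptominer", and the function names are constructed for illustration.

```python
"""Cross-view detection of a trojaned ps, as a user-mode rootkit would ship it."""
import os
import re
import subprocess
from typing import Iterable, Set, TypeVar

T = TypeVar("T")

# Constructed sample of `ps -e -o pid=,comm=` output (not real system data).
SAMPLE_PS = """\
    1 systemd
  812 sshd
 1337 cryptominer
 2048 bash
"""


def trojaned_ps(ps_output: str, hide_name: str) -> str:
    """Model of a replaced ps binary (illustrative, constructed): it emits the
    genuine listing minus every line that names the malware."""
    return "".join(
        line for line in ps_output.splitlines(keepends=True) if hide_name not in line
    )


def parse_ps_pids(ps_output: str) -> Set[int]:
    """PIDs from `ps -e -o pid=...` output; the first column is the PID."""
    pids = set()
    for line in ps_output.splitlines():
        m = re.match(r"\s*(\d+)\b", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def proc_pids(proc_root: str = "/proc") -> Set[int]:
    """Raw view: numeric directory names under /proc are live PIDs. This never
    invokes ps, so a replaced ps binary cannot filter the result."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}


def hidden_entries(raw_view: Iterable[T], tool_view: Iterable[T]) -> Set[T]:
    """Entries present in the raw view that the tool failed to report.
    Works for PIDs, filenames or any other comparable view."""
    return set(raw_view) - set(tool_view)


def cross_view_processes() -> Set[int]:
    """Live check: PIDs present in /proc both before and after running ps but
    absent from ps output. Snapshotting /proc twice discards processes that
    were merely transient between the views (the ps invocation itself included)."""
    before = proc_pids()
    ps_out = subprocess.run(
        ["ps", "-e", "-o", "pid="], capture_output=True, text=True, check=True
    ).stdout
    after = proc_pids()
    stable = before & after
    return hidden_entries(stable, parse_ps_pids(ps_out))


if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    tampered = trojaned_ps(SAMPLE_PS, "cryptominer")
    print("hidden in sample:", hidden_entries(parse_ps_pids(SAMPLE_PS), parse_ps_pids(tampered)))
    # Live check on a Linux host.
    if os.path.isdir("/proc"):
        print("hidden on this host:", cross_view_processes())
```

A non-empty result from cross_view_processes() is a strong indicator that ps (or a library it depends on) has been tampered with; confirm by verifying the binary against the package manager's recorded hashes (for example `rpm -V procps-ng` or `debsums procps`). The caveat is that this check only exposes user-mode rootkits: a kernel-mode rootkit that hooks the directory-listing or process-enumeration system calls filters os.listdir("/proc") just as it filters ps, so both views agree and nothing is flagged. Detecting that class requires a view the kernel does not mediate, such as offline disk or memory analysis.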
[Reference: CEH v13 Study Guide – Module 6: Rootkits and Malware Types; NIST SP 800-83 – Malware Incident Prevention and Handling]