Dailydave mailing list archives
Re: DR Linux 2.6 rootkit released
From: "Pierre Falda" <darkangel () antifork org>
Date: Thu, 4 Sep 2008 13:39:51 +0200
Hi people,

if someone else is still interested in these things and wants to see some 'old' code, in 2006 I published an article and a 2.4.x/2.6.x (tested until .19) Linux rootkit which loads itself through kmem and fully implements these techniques. It's a fully working rootkit with a debug registers engine and with anti-detection checks via GD and CPU emulation to protect itself too. It has all modern rootkits' hiding features, anti-detection extra features like kmem/mem/kcore/procfs on-the-fly patching and most add-ons like TTY and application sniffing. It works by watching the SCT and supports syscall invocations through int 80 and sysenter and so on.

You can find the source code here:
http://packetstormsecurity.org/UNIX/penetration/rootkits/mood-nt_2.3.tgz
or here:
http://darkangel.antifork.org/codes.htm

The article about the hardware engine (in Italian) is here:
http://darkangel.antifork.org/publications/Abuso%20dell%27Hardware%20nell%27Attacco%20al%20Kernel%20di%20Linux.pdf
and if you want the printed version in a scientific publication you can go here:
http://www.atsystem.org/en/conventions/nss06/convention+proceedings

Have a nice day!

Pierre Falda 'darkangel'
http://darkangel.antifork.org
Antifork Research Inc.