Dailydave mailing list archives
Re: fragging with rootkit detectors?
From: Mark <mark () vulndev org>
Date: Mon, 20 Jun 2005 07:43:43 +0100 (BST)
<top_post> Morning all, (yeah ok so not morning everywhere but I can live with being wrong for 12 hours out of 24, that's pretty normal). I hasten to add that this is a general rambling so if you're bored by this point just close the email, log off (I said log!) and get on with the rest of your day.... I would be very surprised if CSA or other similar products (everyone knows i'm vendor neutral in my general sarcasm) are not detected by a product which is doing it's job correctly with a thought towards rootkit detection, this includes insertion points, helping show where the int overflows or other such things may be etc.. Did I say that? Of course maybe there will be a Pd project (wow, the power of linking threads!!!) which will allow rootkit detectors to only detect rootkits which are not on a "preference" list? hmm.. encrypted rootkit channels.. Oh yes, it's been done. anyway, feel better for that little ramble extract from it what you will, Time for coffee, M </top_post> On Sun, 19 Jun 2005, Rodney Thayer wrote:
Do you think these rootkit detectors would have any efficacy in detecting policy enforcement packages? Is there something out there that can detect the insertion points of oh, say, CSA? _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
-- VulnDev\[.\]org "Paranoia, keeping us clothed and fed since _init();" _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Thoughts about Cross-View based Rootkit Detection Joanna Rutkowska (Jun 19)
- Re: Thoughts about Cross-View based Rootkit Detection Dave Aitel (Jun 19)
- fragging with rootkit detectors? Rodney Thayer (Jun 19)
- Re: fragging with rootkit detectors? Mark (Jun 20)
- fragging with rootkit detectors? Rodney Thayer (Jun 19)
- Re: Thoughts about Cross-View based Rootkit Detection Dave Aitel (Jun 19)