Dailydave mailing list archives
Re: redpill vs. Microsoft rootkit...
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 14 Mar 2006 13:48:05 -0500
Joanna Rutkowska wrote:

> I find it quite funny that my little redpill, which many people used to consider malicious, can now be used to detect advanced rootkits, like the one from MS Research: http://www.eecs.umich.edu/Rio/papers/king06.pdf It's interesting how some technology, which was invented as offensive or defensive at some point in time, within the next few years starts being used in exactly the opposite way...
I agree - we've started putting more and more defensive technology in CANVAS. We started with something very similar to redpill, but we now have memory grabber tools, and other things that I would have previously thought of as "defensive". But part of the fun of having these frameworks is you can start really loading them down with features you otherwise would have skipped - and a rootkit finder is really useful when you go into a box at first. Don't want to mess up someone else's crappy rootkit, ya know?

-dave
Current thread:
- redpill vs. Microsoft rootkit... Joanna Rutkowska (Mar 13)
- Re: redpill vs. Microsoft rootkit... Dave Aitel (Mar 14)