Re: Rootkit discovery tools

[Mike Wiseman <mike.wiseman () UTORONTO CA>]

Interesting, but I take it this is applies to the UNIX environment only. We're still
focused on the Microsoft desktop and was wondering if anyone has used BartPE in a big way?
Might be worth revisiting if a bootable package of tools could be put together and used
without much intervention from the end user.

Mike


Mike Wiseman
Computing and Networking Services
University of Toronto


> I fixed up the netboot stuff in our re-package of Helix 1.7 to do this.
> Well, strictly, it was to run spider remotely on a pile of machines.  We
> threw Clamscan and BitDefender in the bargain, though, which makes
> essentially what you describe.
>
> The systems PXE boot, do their stuff from helix.  It does require that the
> clients be manually rebooted the following morning, as there's a
> chicken-and-egg problem in the process.
>
> > I'm none too clear on how one might do this, but I'd guess that
> > maybe netbooting for the first bootstrap might be involved..
> >
> >
> > Graham
> > PS Rootkitrevealer is the only one I know of that is even likely
> > to work from within windows itself, if we can't come up with a
> > clever chained bootstrap trick.
>
>
> Wyman Miles
> Senior Security Engineer
> Cornell University