Educause Security Discussion mailing list archives
Re: Rootkit discovery tools
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Tue, 27 Jun 2006 11:10:44 -0400
Interesting, but I take it this applies to the UNIX environment only. We're still focused on the Microsoft desktop and I was wondering if anyone has used BartPE in a big way? Might be worth revisiting if a bootable package of tools could be put together and used without much intervention from the end user.

Mike

Mike Wiseman
Computing and Networking Services
University of Toronto
I fixed up the netboot stuff in our re-package of Helix 1.7 to do this. Well, strictly, it was to run spider remotely on a pile of machines. We threw Clamscan and BitDefender in the bargain, though, which makes essentially what you describe. The systems PXE boot, do their stuff from helix. It does require that the clients be manually rebooted the following morning, as there's a chicken-and-egg problem in the process.

I'm none too clear on how one might do this, but I'd guess that maybe netbooting for the first bootstrap might be involved..

Graham

PS Rootkitrevealer is the only one I know of that is even likely to work from within windows itself, if we can't come up with a clever chained bootstrap trick.

Wyman Miles
Senior Security Engineer
Cornell University
Current thread:
- Rootkit discovery tools John Tooley (Jun 26)
- <Possible follow-ups>
- Re: Rootkit discovery tools Wes Young (Jun 27)
- Re: Rootkit discovery tools David Taylor (Jun 27)
- Re: Rootkit discovery tools Caroline Couture (Jun 27)
- Re: Rootkit discovery tools Graham Toal (Jun 27)
- Re: Rootkit discovery tools Wyman Miles (Jun 27)
- Re: Rootkit discovery tools David Boyer (Jun 27)
- Re: Rootkit discovery tools James H Moore (Jun 27)
- Re: Rootkit discovery tools David Taylor (Jun 27)
- Re: Rootkit discovery tools Mike Wiseman (Jun 27)
- Re: Rootkit discovery tools Graham Toal (Jun 27)
- Re: Rootkit discovery tools Wyman Miles (Jun 27)
- Re: Rootkit discovery tools Valdis Kletnieks (Jun 28)
- Re: Rootkit discovery tools Graham Toal (Jun 28)
- Re: Rootkit discovery tools Valdis Kletnieks (Jun 28)
- Re: Rootkit discovery tools Jeni Li (Jun 28)
- Re: Rootkit discovery tools Jeni Li (Jun 28)