Educause Security Discussion mailing list archives
Re: Rootkit discovery tools
From: Wyman Miles <wm63 () CORNELL EDU>
Date: Tue, 27 Jun 2006 11:22:35 -0400
Interesting, but I take it this applies to the UNIX environment only. We're still focused on the Microsoft desktop, and I was wondering if anyone has used BartPE in a big way? Might be worth revisiting if a bootable package of tools could be put together and used without much intervention from the end user.
It'll boot the PC to linux, yes. One way or another, you're in an OS that isn't native to the machine being scanned. We shied away from BartPE early on when many of the tools we'd otherwise want bumped up against various licensing requirements.
Mike

Mike Wiseman
Computing and Networking Services
University of Toronto

I fixed up the netboot stuff in our re-package of Helix 1.7 to do this. Well, strictly, it was to run spider remotely on a pile of machines. We threw Clamscan and BitDefender in the bargain, though, which makes essentially what you describe. The systems PXE boot, do their stuff from helix. It does require that the clients be manually rebooted the following morning, as there's a chicken-and-egg problem in the process.

I'm none too clear on how one might do this, but I'd guess that maybe netbooting for the first bootstrap might be involved.

Graham

PS RootkitRevealer is the only one I know of that is even likely to work from within Windows itself, if we can't come up with a clever chained bootstrap trick.

Wyman Miles
Senior Security Engineer
Cornell University
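The "chicken-and-egg" the thread describes is that a client which is PXE-booted into the scanner will PXE-boot into it again on the next restart unless something tells the boot server to stop. The usual chained-bootstrap trick is a per-host pxelinux entry that is armed once and flipped to local-disk boot when the scanner reports in. The script below is an added illustration of that pattern, written for this page; it is not the Cornell Helix re-package or anything posted in the thread. It assumes pxelinux/syslinux as the PXE loader, a TFTP root of /tftpboot, and the kernel, initrd and append string under helix/ are placeholders, not Helix 1.7's real file names.

```shell
#!/bin/sh
# Added example: one-shot PXE "chained bootstrap" with per-host pxelinux.cfg
# entries. Assumptions (not from the thread): pxelinux/syslinux as the PXE
# loader, TFTP root in $TFTP_ROOT, and placeholder scanner kernel/initrd names.

TFTP_ROOT="${TFTP_ROOT:-/tftpboot}"
SCAN_KERNEL="${SCAN_KERNEL:-helix/vmlinuz}"      # placeholder, not a real Helix path
SCAN_INITRD="${SCAN_INITRD:-helix/initrd.gz}"    # placeholder, not a real Helix path
SCAN_APPEND="${SCAN_APPEND:-boot=casper toram}"  # placeholder kernel arguments

# pxelinux looks for pxelinux.cfg/01-<mac-with-dashes> (lowercase) before it
# falls back to pxelinux.cfg/default, so a per-MAC file overrides the default.
mac_cfg_name() {
  printf '01-%s\n' "$(printf '%s' "$1" | tr 'A-Z:' 'a-z-')"
}

# Arm a host: its next PXE boot loads the scanner instead of local disk.
arm_host() {
  mac="$1"; cfg="$TFTP_ROOT/pxelinux.cfg/$(mac_cfg_name "$mac")"
  mkdir -p "$TFTP_ROOT/pxelinux.cfg"
  cat > "$cfg" <<EOF
DEFAULT scan
PROMPT 0
TIMEOUT 0

LABEL scan
  KERNEL $SCAN_KERNEL
  APPEND initrd=$SCAN_INITRD $SCAN_APPEND
EOF
}

# Release a host: called when the scanner reports back (e.g. from its
# post-scan hook). The same per-MAC file now hands control to the local disk,
# so the reboot after the scan returns to Windows instead of re-running the
# scanner, which is the loop that otherwise needs a manual reboot.
release_host() {
  mac="$1"; cfg="$TFTP_ROOT/pxelinux.cfg/$(mac_cfg_name "$mac")"
  mkdir -p "$TFTP_ROOT/pxelinux.cfg"
  cat > "$cfg" <<EOF
DEFAULT local
PROMPT 0
TIMEOUT 0

LABEL local
  LOCALBOOT 0
EOF
}

# Report what a host will do on its next PXE boot: "scan", "local", or
# "default" when no per-host file exists and pxelinux falls through.
host_state() {
  cfg="$TFTP_ROOT/pxelinux.cfg/$(mac_cfg_name "$1")"
  [ -f "$cfg" ] || { echo default; return; }
  sed -n 's/^DEFAULT //p' "$cfg"
}
```

Usage: on the boot server, run `arm_host <mac>` for each machine to be scanned and reboot it; the scanner's last step calls back (over SSH or a tiny HTTP hook, whatever the site already has) to run `release_host <mac>`, then reboots the client. Because the armed entry is only ever written for specific MACs, an unrelated machine that happens to PXE boot still gets pxelinux.cfg/default.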
Current thread:
- Re: Rootkit discovery tools, (continued)
- Re: Rootkit discovery tools Wes Young (Jun 27)
- Re: Rootkit discovery tools David Taylor (Jun 27)
- Re: Rootkit discovery tools Caroline Couture (Jun 27)
- Re: Rootkit discovery tools Graham Toal (Jun 27)
- Re: Rootkit discovery tools Wyman Miles (Jun 27)
- Re: Rootkit discovery tools David Boyer (Jun 27)
- Re: Rootkit discovery tools James H Moore (Jun 27)
- Re: Rootkit discovery tools David Taylor (Jun 27)
- Re: Rootkit discovery tools Mike Wiseman (Jun 27)
- Re: Rootkit discovery tools Graham Toal (Jun 27)
- Re: Rootkit discovery tools Wyman Miles (Jun 27)
- Re: Rootkit discovery tools Valdis Kletnieks (Jun 28)
- Re: Rootkit discovery tools Graham Toal (Jun 28)
- Re: Rootkit discovery tools Valdis Kletnieks (Jun 28)
- Re: Rootkit discovery tools Jeni Li (Jun 28)
- Re: Rootkit discovery tools Jeni Li (Jun 28)