IDS mailing list archives
Re: rootkit and trojan hunting
From: "Nuno Treez" <nunotreez () gmail com>
Date: Thu, 27 Mar 2008 12:11:55 +0100
Return C, have you looked into system call hooking or system call table modifications?
Don't reinvent the wheel -- just use Tripwire. http://sourceforge.net/projects/tripwire/ for the open source version,
(sigh) What about learning?

"Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime." Chinese Proverb

--
Nuno Treez
--
Being a pain in the Internet's ass since 1996.
--
Si vis pacem, para bellum. (Vegetius, Epitome rei militaris, 3. Praef.)
Current thread:
- rootkit and trojan hunting Return C (Mar 26)
- Re: rootkit and trojan hunting "Zow" Terry Brugger (Mar 26)
- Re: rootkit and trojan hunting Jeff D (Mar 26)
- Re: rootkit and trojan hunting Nuno Treez (Mar 28)
- Re: rootkit and trojan hunting "Zow" Terry Brugger (Mar 28)
- Re: rootkit and trojan hunting Return C (Mar 28)
- Re: rootkit and trojan hunting "Zow" Terry Brugger (Mar 28)
- Re: rootkit and trojan hunting "Zow" Terry Brugger (Mar 26)