Honeypots mailing list archives

Kernel-level Rootkits

From: "Edward Ray" <support () mmicman com>
Date: Sun, 8 Dec 2002 18:33:47 -0800

Hello everyone.

A question concerning Kernel-level rootkits.

Has anyone used a kernel-level rootkit (i.w. Knark, Adore, KIS) in a
honeypot implementation?

It would appear to have a few advantages, but only in the hands of someone
who knew how to use it correctly.

If anybody has experimented with kernel-level rootkits, I would be
interested in your results, as I am considering using a rootkit (after I
learn how it works of course) in a honeypot of my own.

Regards,

Edward W. Ray

Current thread:

Kernel-level Rootkits Edward Ray (Dec 09)
- Re: Kernel-level Rootkits mike (Dec 09)
- Re: Kernel-level Rootkits Dominik Lupinski (Dec 09)
- <Possible follow-ups>
- Kernel-level Rootkits fred (Dec 09)