Penetration Testing mailing list archives
RE: Rootkits
From: "Sahir Hidayatullah" <sahirh () mielesecurity com>
Date: Wed, 8 Mar 2006 16:00:04 +0530
I'd appreciate it if you could also point out resources to eliminate them
completely.

Icesword by the Xfocus guys:
http://xfocus.net/tools/200509/1085.html

Sysinternals.com rootkit revealer should detect any persistent rootkit:
http://www.sysinternals.com/Utilities/RootkitRevealer.html

F-Secure's Blacklight:
http://www.f-secure.com/blacklight/

Of course, the output of these tools is far from what you might be used to from your antivirus, it won't pop up saying 'XYZ rootkit found'... you'll probably find something along the lines of your SSDT table has been hooked or that the EPROCESS structure doesn't match with the results of ZwQuerySystemInformation.

Having a little bit of background on how device drivers and rootkits work would be a good idea. One can do no better than Greg Hoglund's work at http://www.rootkit.com. I highly recommend his book, 'Rootkits - Subverting the Windows Kernel'.

You could also visit Joanna Rutkowska's site http://www.invisiblethings.org.

Regards,
Sahir Hidayatullah.

-----Original Message-----
From: ankur jindal [mailto:ankurjn113 () hotmail com]
Sent: Wednesday, March 08, 2006 7:55 AM
To: pen-test () securityfocus com
Subject: Rootkits

Hi

Could someone tell me a few of the popular trojans or rootkits, of the types which are good at concealing themselves? I need this information for an exercise that I am doing.

Thanks
Ankur Jindal

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------
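The two kinds of finding the reply above describes (a hooked SSDT entry, and a process list that disagrees with ZwQuerySystemInformation) come down to the checks sketched here. This is an added example, not part of the original post or of any of the tools named; it runs over constructed snapshot data, and the addresses, PIDs, the driver name example.sys and the assumption that the first listed module is the kernel image are all illustrative.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed snapshot types; a real tool reads these from kernel memory. */
typedef struct { const char *name; uint64_t base, size; } module_t;
typedef struct { const char *service; uint64_t handler; } ssdt_entry_t;
/* Loaded module whose image contains addr, or NULL if none does. */
static const module_t *owner_of(uint64_t addr, const module_t *mods, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size) return &mods[i];
    return NULL;
}

/* SSDT check: count handlers outside the kernel image (assumed to be mods[0]). */
size_t ssdt_hooked(const ssdt_entry_t *t, size_t n, const module_t *mods, size_t nm) {
    size_t hooked = 0;
    for (size_t i = 0; i < n; i++) {
        const module_t *m = owner_of(t[i].handler, mods, nm);
        if (m == &mods[0]) continue;
        printf("SSDT[%zu] %s -> %#llx (%s)\n", i, t[i].service,
               (unsigned long long)t[i].handler, m ? m->name : "unknown memory");
        hooked++;
    }
    return hooked;
}

/* Cross-view check: PIDs in the low-level view but not the API view go to out. */
size_t hidden_pids(const uint32_t *low, size_t nl, const uint32_t *api, size_t na, uint32_t *out) {
    size_t k = 0;
    for (size_t i = 0; i < nl; i++) {
        size_t j = 0;
        while (j < na && api[j] != low[i]) j++;
        if (j == na) out[k++] = low[i];
    }
    return k;
}

/* Constructed sample data, not from a real system; example.sys is hypothetical. */
const module_t MODS[] = {{"ntoskrnl.exe", 0x804d7000, 0x214000}, {"example.sys", 0xf8a10000, 0x6000}};
const ssdt_entry_t SSDT[] = {{"ZwCreateFile", 0x8056e27c}, {"ZwQuerySystemInformation", 0xf8a11200}};
const uint32_t LOW_VIEW[] = {4, 368, 1020, 1844}, API_VIEW[] = {4, 368, 1844};

int main(void) {
    uint32_t out[4];
    size_t h = ssdt_hooked(SSDT, 2, MODS, 2), k = hidden_pids(LOW_VIEW, 4, API_VIEW, 3, out);
    printf("%zu hooked SSDT entries, %zu hidden processes\n", h, k);
    return 0;
}
```

A handler that resolves to a driver other than the kernel is a lead to investigate rather than proof of a rootkit, since some security products of that era also hooked the SSDT.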