Penetration Testing mailing list archives

Re: Rootkits

From: "Bojan Zdrnja" <bojan.zdrnja () gmail com>
Date: Fri, 10 Mar 2006 15:41:54 +1300

On 3/10/06, Idan Deshe <deshe.idan () gmail com> wrote:

An easier way will be to use a virtual machine like VM-ware.


Not necessarily. Keep in mind that a lot of malware today detects
VMWare and, in case it's running in a virtual machine, exits or does
something benign.
This is usually done in order to make reverse engineering more
difficult (and has a nice benefit that named malware doesn't work in
cases you use VMWare :).

Bojan

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------

Current thread:

Rootkits ankur jindal (Mar 08)
- Re: Rootkits Ivan . (Mar 08)
- Re: Rootkits Dotzero (Mar 08)
- RE: Rootkits Sahir Hidayatullah (Mar 08)
- <Possible follow-ups>
- RE: Rootkits Craig Wright (Mar 08)
  - Re: Rootkits Max (Mar 08)
    - Message not available
    - Re: Rootkits Idan Deshe (Mar 09)
    - Re: Rootkits Bojan Zdrnja (Mar 09)
    - Re: Rootkits circut (Mar 09)
    - RE: [lists] Re: Rootkits Curt Purdy (Mar 10)
  - Re: Rootkits Pablo Fernandez (Mar 08)
- Re: Rootkits Miguel José Hernández y López (Mar 08)
  - RE: Rootkits Adrian Floarea (Mar 09)