Penetration Testing mailing list archives

RE: [lists] Re: Rootkits


From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 10 Mar 2006 07:21:44 -0500

Better yet, install SuSE Linux, VMWare GSX Server, various Windoze virtual
machines on a dual-proc, dual-core AMD Opteron w/16gb RAM, turn the worm
loose on your virtual lab, and watch the fun.  Then throw everything away and
restore from your Acronis True-Image Server backup and you are back up and
running in less than an hour.  A side benefit is when Windoze blue-screens like
it inevitably will, just throw it away and restore from Acronis, and you are
back up in 10-15 minutes.  Have not had to re-install Windoze for three
years.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
Information Security Officer 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 

 

-----Original Message-----
From: Max [mailto:Reply.to.list () acme com] 
Sent: Wednesday, March 08, 2006 6:20 AM
Cc: pen-test () securityfocus com
Subject: [lists] Re: Rootkits

1. Ghost your machine
2. Do your thing with the rootkit
3. Restore your machine.

That's the safest and easiest way

M@x




Craig Wright wrote:
"I'd appreciate it if you could also point out resources to 
eliminate them completely."
 
So would a lot of people - not possible or at least not feasible.
 
Regards,
Craig

    -----Original Message----- 
    From: ankur jindal [mailto:ankurjn113 () hotmail com] 
    Sent: Wed 8/03/2006 1:25 PM 
    To: pen-test () securityfocus com 
    Cc: 
    Subject: Rootkits
    
    
     



--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you 
need to proactively protect your applications from hackers. 
Cenzic has the most comprehensive solutions to meet your 
application security penetration testing and vulnerability 
management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to 
confirm your results from other product. Contact us at 
request () cenzic com
--------------------------------------------------------------
----------------





