RE: Rootkits

From: Sahir Hidayatullah (sahirh@mielesecurity.com)
Date: Wed Mar 08 2006 - 05:30:04 EST


> I'd appreciate it if you could also point out resources to eliminate them completely.

Icesword by the Xfocus guys:
http://xfocus.net/tools/200509/1085.html

Sysinternals.com rootkit revealer should detect any persistent rootkit:
http://www.sysinternals.com/Utilities/RootkitRevealer.html

F-Secure's Blacklight:
http://www.f-secure.com/blacklight/

Of course, the output of these tools is far from what you might be used to
from your antivirus; it won't pop up saying 'XYZ rootkit found'. You'll
probably find something along the lines of your SSDT table having been hooked,
or the EPROCESS structure not matching the results of
ZwQuerySystemInformation. Having a little bit of background on how device
drivers and rootkits work would be a good idea. One can do no better than
Greg Hoglund's work at http://www.rootkit.com. I highly recommend his book,
'Rootkits - Subverting the Windows Kernel'. You could also visit Joanna
Rutkowska's site http://www.invisiblethings.org.

Regards,

Sahir Hidayatullah.

-----Original Message-----
From: ankur jindal [mailto:ankurjn113@hotmail.com]
Sent: Wednesday, March 08, 2006 7:55 AM
To: pen-test@securityfocus.com
Subject: Rootkits

Hi,
Could someone tell me a few of the popular trojans or rootkits, of the types
which are good at concealing themselves? I need this information for an
exercise that I am doing.

Thanks
Ankur Jindal

----------------------------------------------------------------------------

--
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to
proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com
----------------------------------------------------------------------------
--


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:38 EDT