More Tools to assist in the search for Hidden files etc + a couple of specific Rootkit/Stealth seeking Apps. All are FREE except for HF, but you can download and try it before you buy. Have fun!
HiddenFinder
http://www.wenpoint.com/product/hiddenfinder.html
DetectProc - Detect Hidden Processes
Hidden service detector
https://www.rootkit.com/newsread.php?newsid=423
Unhide
http://www.security-projects.com/?Unhide
Just released today is a 1.53Mb PPT available for DL on the RAIDE = Rootkit Analysis Identification Elimination tool, that I previewed in here on page 1 in January.
Peter Silberman has been working in computer security field for a number of years, specializing in rootkits, reverse engineering and automated auditing solutions. Peter was previously employed at HBGary.
Jamie Butler, author of Rootkits: Subverting the Windows Kernel, and former Director of Engineering at HBGary Inc., is now involved with Copilot: A high assurance integrity monitor - www.komoku.com/technology.shtml
RootKit Hook Analyzer
http://www.resplendence.com/hookanalyzer
System Virginity Verifier
Keynote Presentation - Black Hat Europe 2006
Presentations are now on-line.
-
Peter Silberman & Jamie Butler
RAIDE: Rootkit Analysis Identification Elimination
-
Joanna Rutkowska
Rootkit Hunting vs. Compromise Detection
-
John Heasman
Implementing and Detecting An ACPI BIOS Rootkit
-
All available right now here - http://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#eu-06 - Njoy
Spanner
2 additions to include 4 U -
-
zeppoo
07.03.06 Zeppoo-0.0.2 is available.
A new option has been added! Zeppoo can check the Interrupt Descriptor Table
01.03.6 Zeppoo v0.0.1
This is the first release of Zeppoo!!
This software allows you to detect rootkits on i386 architecture under Linux, by using /dev/kmem and /dev/mem.
Moreover it can detect hidden tasks, connections, corrupted symbols, system calls ... and so many other things.
Currently all the existing rootkits don't use these methods and can be easily hacked.
At this time you can only download the Python version of Zeppoo, but the C version will be available in a few days.
In addition, by visiting the website you will find all necessary information to use it. However, if you have any problems, please feel free to contact us with them.
Free - http://www.zeppoo.net/ -
They are very interested in porting it over to Windows, so if you can offer any assistance then get in touch!
-
RootKitty
RootKitty is a very simple utility that makes a file listing when running from Windows and a file listing from PE/ubcd4win, then compares the two files and shows you the differences (looking for rootkits).
Can detect and delete.
Saves a log.
It doesn't scan for hidden registry entries (yet) but he's working on it.
Free - http://www.ubcd4win.com/forum/index.php?s=b2064cb601a4694c6a7f4abe10422d54&showtopic=2424
-
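The compare step that the RootKitty description above relies on, as an added Python example (not RootKitty's own code): the two listings are constructed sample data, and the script reports files the live Windows view hides, files only seen live, and files whose size or hash differs between the two boots.

```python
"""Cross-view file-listing comparison in the spirit of RootKitty.

Added example, not RootKitty's own code: both listings are constructed
sample data in "path|size|hash-prefix" form, one taken from the running
Windows system and one from an offline PE boot of the same disk."""
from typing import Dict, List, Tuple

LIVE_LISTING = """\
C:\\Windows\\System32\\ntoskrnl.exe|2150912|a1b2c3
C:\\Windows\\System32\\drivers\\tcpip.sys|360448|d4e5f6
C:\\pagefile.sys|1073741824|000000
"""

OFFLINE_LISTING = """\
c:\\windows\\system32\\ntoskrnl.exe|2150912|a1b2c3
c:\\windows\\system32\\drivers\\tcpip.sys|360448|ffffff
c:\\windows\\system32\\drivers\\example_hidden.sys|18944|9a8b7c
"""


def parse_listing(text: str) -> Dict[str, Tuple[int, str]]:
    """Map lower-cased path -> (size, hash prefix). Case is folded because
    NTFS paths are case-insensitive and the two boots may print them differently."""
    entries: Dict[str, Tuple[int, str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        path, size, digest = line.rsplit("|", 2)
        entries[path.lower()] = (int(size), digest)
    return entries


def cross_view_diff(live: str, offline: str) -> Dict[str, List[str]]:
    """hidden: offline-only paths (the rootkit signal); live_only: paths seen
    only while running, typically transient files such as the pagefile;
    modified: paths in both views whose size or hash differs."""
    live_map, offline_map = parse_listing(live), parse_listing(offline)
    both = set(live_map) & set(offline_map)
    return {
        "hidden": sorted(set(offline_map) - set(live_map)),
        "live_only": sorted(set(live_map) - set(offline_map)),
        "modified": sorted(p for p in both if live_map[p] != offline_map[p]),
    }


if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE_LISTING, OFFLINE_LISTING).items():
        for path in paths:
            print(f"{kind:9s} {path}")
```

Entries in the "hidden" bucket are the ones RootKitty would flag; a real run would feed it two `dir /s`-style listings extended with sizes and hashes rather than the embedded samples.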