lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 1 Aug 2008 12:30:38 +0530
From: Pallav Khandhar <pallav.khandhar@...il.com>
To: bugtraq@...urityfocus.com, security-basics@...urityfocus.com,
	pen-test@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	vuln-dev@...urityfocus.com, binaryanalysis@...urityfocus.com,
	honeypots@...urityfocus.com, packet@...ketstormsecurity.org,
	bugs@...uritytracker.com, news@...uriteam.com, focus-ms@...urityfocus.com,
	secprog@...urityfocus.com, forensics@...urityfocus.com,
	dailydave@...ts.immunitysec.com
Subject: Tool Release: ProcL - Detect Hidden Process

Greetings,

I am glad to release ProcL v1.0.  ProcL employs many different methods  
to detect hidden processes. Essentially, ProcL detailed and  
implemented a mechanism to embed all these different approaches in one  
tool to detect hidden processes. Our methods of detecting hidden  
processes requires the examination of each kernel object - EPROCESS,  
ETHREADS, HANDLES, JOBS. Therefore, we believe, ProcL would defeat  
process concealment from one certain method.

Hiding a process is particularly threatening because it represents  
some malicious code running on your system that you are completely  
unaware of. Process hiding has a significant effect. Many of the  
trojan, virus, spyware, rootkit writers use similar techniques to hide  
themselves and stay undetected as long as possible on target machines.  
Finding all the ways a rootkit might hide a process is just the first  
step in defending against the rootkits. Detecting hidden objects is a  
promising new area in rootkit detection.

For more information on the tool
http://www.scanit.net/rd/tools/03

Download the tool
http://www.scanit.net/files/tools/ProcL.zip

Cheers,
Pallav Khandhar
Sr. Security Researcher
Scanit R&D Lab
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ