lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: B3r3n at (B3r3n)
Subject: Rootkit

Hi Dave,

Just my 2 cents advice.

>Can anyone recommend a good scanner or info site where I can compare some of
>the binaries I saved (the machine has been wiped)?

The first thing I do to scan filesystems suspected of being intruded is to 
launch against them (from remote or booting on CD, ...) an antivirus.
I found these were detecting many rootkit signatures.
This simple action could help stepping forward, but is definitely not enough.

If you saved binaries, you could also simply do a 'strings' on them and 
check the "text" displayed.
If you see some infos (possibly the password to get in) that are definitely 
not matching with the binary's mission, that's suspicious.

What is the operating system you suspect to be intruded?
Some OS propose to public a MD5 signatures databases of all official 
versions of their binaries.
Could also be useful to compare with these databases

Hope this will help.


Powered by blists - more mailing lists