Open Source and information security mailing list archives
Date: Sun Jul 10 14:53:33 2005
From: khaalel at gmail.com (khaalel)
Subject: how to hide files, services and process in windows 2k/xp/2k3 box

Hi,

For the tips... sorry, but I don't know which suggestions to give you,
but I advise you to study the AFX rootkit. When I wrote my first rootkit
this code helped me a lot, because it can hide

"""
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Keys & Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons
"""

There is an article that is well written (about win32 rootkits): it's
"Analysis of a win32 userland rootkit" by Kdm, it's really a good
paper.

Nzeka Gilbert aka khaalel


PS: If you want, I own the code of hxdef, but this rootkit is known by
everybody, so for invisibility hxdef is not the right tool !!! But the
code is great for learning how to code a win32 rootkit.



On 7/10/05, fatb <fatb@...urity.zz.ha.cn> wrote:
> Hi all guys,
> 
>     I'm trying to write a rootkit to hide files, services and processes
> in windows 2k/xp/2k3 boxes, and it would not be detected by icesword, rkdetector
> and so on.
> 
>     Anybody could be kind enough to give me some tips or suggestions, thx a lot!
> 
> BTW: I heard that golden hxdef could avoid icesword, rkdetector
> and any other anti-rootkit software, anybody knew something about the golden hxdef?
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
