lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTin0_=Hq-=HfR_SdUewa+GvSa8TS6g@mail.gmail.com> Date: Fri, 20 May 2011 04:34:13 -0700 From: Kristian Erik Hermansen <kristian.hermansen@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: WindowsSCOPE hardware analyzer for rootkits? Has anyone tried this WindowsSCOPE hardware before? The video talks about how they used it to detect/analyze Shadow Walker rootkit. Also, seems you can make memory snapshots in time and see how kernel SSDT/IDT ptrs change, among other things. Also shows colorized differences in code pages between snapshots. http://www.windowsscope.com/index.php?option=com_content&view=article&id=80&Itemid=49 I heard they are giving away free demo devices to the technical reviewers that call them up to ask for it. I am somewhat skeptical though that it is any different than what you can already do with existing software/hardware tools. Anyone use it before? -- Kristian Erik Hermansen http://www.linkedin.com/in/kristianhermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists