65 items tagged "rootkit"
-
14:24 » Packet Storm Security Recent Files
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
-
9:22 » Packet Storm Security Recent Files
Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
-
3:09 » SecDocs
Authors: Tsukasa Ooi
Tags: Android rootkit
Event: Black Hat Abu Dhabi 2011
Abstract: Android devices have been repeatedly hacked for root privileges. Sometimes by malware authors, and sometimes by users themselves. This is because if someone gains root privileges, he or she can gain control of the parts of the system which are most useful for attackers (and for users as well). But this is not the end of the story - we need a bit more knowledge to gain much privilege inside the Android application system. On the other hand, some Japanese Android smartphones have an extra Linux Security Module (LSM) to prevent these rooting issues and protect the system from being overwritten. But because of Android's security weaknesses and incomplete LSM protection, the Android application system can still be taken over by exploitation. This presentation explains what we can/cannot do if we gain root privileges on an Android device, and introduces a new kind of Android rootkit. This rootkit needs only root privileges (no kernel-mode, no ptrace) and bypasses all existing security modules. This fact implies the possibility of advanced Android malware.
14:30
»
Packet Storm Security Recent Files
Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.
6:14
»
SecDocs
Authors:
Andrea Lelli Mario Ballano Barcena Tags:
rootkit Event:
Hashdays 2010 Abstract: In this talk we will discuss recent rootkit techniques, referencing the Tidserv and Mebroot families, and outline the methods they use to bypass the NTFS filesystem in order to successfully hide data on disk. We will also focus on the defense against such attacks, including possible countermeasures. We will then examine how the security industry is responding to the evolving rootkit landscape. Finally, we will present and comment results and statistcs about systems affected and detection / remediation rates.
11:55
»
Packet Storm Security Recent Files
Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.
11:40
»
Packet Storm Security Recent Files
This tarball was discovered on a compromise Debian Lenny host after it was compromised via the recent remote root Exim vulnerability. It includes binaries such as the MIG logcleaner, backdoored versions of top, uptime, free, pgrep and more. Please note that a thorough analysis of these binaries has not been performed and they must be considered unsafe and untrustworthy. Only use the enclosed contents for research purposes. Further details regarding this rootkit can be obtained via the reddit site link.
16:42
»
Packet Storm Security Recent Files
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
6:22
»
Hack a Day
The g2 has finally been rooted. Even though a temporary root exploit was found shortly after the phones release, a NAND lock prevented modifying the non-volatile RAM for a permanent root. Some controversy surrounded the g2 when it was erroneously thought to have a rootkit protecting the OS. Supposedly the rootkit would watch for changes to the file system and then reset the phone [...]
4:52
»
SecDocs
Authors:
Erez Metula Tags:
rootkit Event:
Source Conference Boston 2010 Abstract: This presentation introduces an underestimated threat of application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation, and to hide malicious code inside its core. We'll be covering generic methods of malware development (rootkits,backdoors,logic manipulation, etc.) for application VM such as Java, .NET, Dalvik, and other managed code platforms by changing their internal behavior. The presentation will include attack scenarios and demos of information logging, reverse shells, backdoors, encryption keys fixation, and other nasty things. This presentation will introduce the new version of "ReFrameworker" (previously known as .NET-Sploit) - a generic language modification tool, that can be used to implement the application level rootkit concept. More information on Managed Code Rootkits (MCR) can be found here: http://www.AppSec.co.il
-
4:57 » SecDocs
Authors: Bill Blunden
Tags: rootkit
Event: Source Conference Boston 2010
Abstract: While there are a multitude of battle-tested forensic tools that focus on disk storage, the domain of memory analysis is still emerging. In fact, even the engineers who work at companies that sell memory-related tools have been known to admit that the percentage of investigators who perform an in-depth examination of memory is relatively small. In light of this, staying memory resident is a viable strategy for rootkit deployment. The problem then becomes a matter of remaining inconspicuous and finding novel ways to survive a system restart. In this presentation I'll look at rootkit technology that tackles both of these issues on the Windows platform.
-
5:51 » SecDocs
Authors: Bill Blunden
Tags: forensic rootkit
Event: Black Hat DC 2010
Abstract: While there are a multitude of battle-tested forensic tools that focus on disk storage, the domain of memory analysis is still emerging. In fact, even the engineers who work at companies that sell memory-related tools have been known to admit that the percentage of investigators who perform an in-depth examination of memory is relatively small. In light of this, staying memory resident is a viable strategy for rootkit deployment. The problem then becomes a matter of remaining inconspicuous and finding novel ways to survive a system restart. In this presentation I'll look at rootkit technology that tackles both of these issues on the Windows platform.
9:00
»
Packet Storm Security Tools
AdvancedWinServiceManager is a smart tool to remove hidden rootkit services. It makes it easy to eliminate such malicious services by separating out third party services from Windows services. By default it shows only third party services along with more details such as Company Name, Description, Install Date, File Path etc at one place which helps in quickly differentiating between legitimate and malicious services. It comes with rich features such as detecting hidden rootkit services, exporting the service list to html based log file, displaying only third party services etc.