Forensics
New Tool : Unhide
Dec 31 2005 04:46PM
YJesus (yjesus security-projects com)
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by
rootkits / LKMs or by another hidden technique.
// Unhide (ps)
Detecting hidden processes. Implements three techniques
·Compare /proc vs /bin/ps output
·Compare info gathered from /bin/ps with info gathered from syscalls (syscall
scanning)
·Full PIDs space occupation (PIDs bruteforcing)
// Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing
brute forcing of all available TCP/UDP ports.
-------------
http://www.security-projects.com/?Unhide
Copyright 2010, SecurityFocus
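The syscall-scanning comparison named in the post above, as an added example that is not Unhide's own code: it walks the PID range with kill(pid, 0) and reports IDs the kernel acknowledges but a /proc directory listing omits. It reads /proc directly instead of parsing /bin/ps output, and the function names are assumptions of this example.

```python
import os

def listed_ids(proc="/proc"):
    """IDs a directory walk of /proc reveals (PIDs plus their thread IDs)."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # On Linux kill() can also answer for thread IDs, so count them as listed.
            ids.update(int(t) for t in os.listdir(os.path.join(proc, name, "task")))
        except OSError:
            pass  # process exited between the two listings
    return ids

def answers_syscall(pid):
    """True if the kernel acknowledges pid; signal 0 is checked but never delivered."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but owned by another user
    return True

def find_hidden(listing, probe, max_pid):
    """PIDs that answer the probe yet are missing from the listing, checked twice."""
    before = listing()
    suspects = [p for p in range(1, max_pid + 1) if p not in before and probe(p)]
    after = listing()  # second pass drops processes born or gone during the scan
    return [p for p in suspects if p not in after and probe(p)]

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    for pid in find_hidden(listed_ids, answers_syscall, pid_max - 1):
        print(f"PID {pid} answers kill(pid, 0) but is not listed in /proc")
```

A hit is a lead to examine with trusted tools, not proof of a rootkit: short-lived processes can still slip past the double check on a busy host.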