Back to list
New Tool : Unhide
Dec 31 2005 04:46PM
YJesus (yjesus security-projects com)
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by
rootkits / LKMs or by another hidden technique.
// Unhide (ps)
Detecting hidden processes. Implements three techniques
·Compare /proc vs /bin/ps output
·Compare info gathered from /bin/ps with info gathered from syscalls (syscall
·Full PIDs space ocupation (PIDs bruteforcing)
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing
brute forcing of all TCP/UDP ports availables.
[ reply ]
Copyright 2010, SecurityFocus