Focus on Linux
curuncula dbr rootkit detection tool Apr 23 2009 10:13PM
Giuseppe Cocomazzi (sbudella email it) (1 replies)
Hi,
I've released a little program named Curuncula.
Curuncula is a tool shipped as a loadable kernel module that aims to
detect rootkits based on the Intel debugging support facilities.
Rootkits that set the GD access flag are also detected. It makes use of
the "last branch recording" mechanism provided by the Intel
architecture. Supports both the 2.4 and 2.6 Linux kernels.
Complete source code can be found here:
http://packetstormsecurity.org/UNIX/audit/curuncula.tgz

I hope you find it useful.
Regards,
Giuseppe Cocomazzi

--
every day above ground is a good one.
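
Added example, not part of the original post and not taken from Curuncula: a C program that decodes a DR7 value and reports the two conditions the announcement mentions, the GD flag and enabled hardware breakpoints. The DR7 bit layout follows the Intel SDM; the sample register values, the KERNEL_BASE threshold (32-bit 3G/1G split) and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define DR7_GD      (1u << 13)   /* general detect: MOV to/from DRn raises #DB */
#define KERNEL_BASE 0xc0000000u  /* assumption: 32-bit x86 Linux, 3G/1G split */

/* Constructed sample: DR0 watches a kernel address, DR2 a user address. */
static const uint32_t SAMPLE_DR[4] = { 0xc0105000u, 0, 0x08048000u, 0 };
/* GD | G0 | L2 | R/W2=11 | LEN2=11  ->  0x0F002012 */
#define SAMPLE_DR7 (DR7_GD | (1u << 1) | (1u << 4) | (3u << 24) | (3u << 26))

struct bp_slot { unsigned enabled, rw, len; };

/* Decode breakpoint slot n (0..3) from DR7, layout per the Intel SDM. */
static struct bp_slot dr7_slot(uint32_t dr7, int n)
{
    struct bp_slot s;
    s.enabled = (dr7 >> (2 * n)) & 3u;       /* bit 0 = Ln, bit 1 = Gn */
    s.rw      = (dr7 >> (16 + 4 * n)) & 3u;  /* 0 exec, 1 write, 2 I/O, 3 read/write */
    s.len     = (dr7 >> (18 + 4 * n)) & 3u;  /* 0 = 1, 1 = 2, 2 = 8, 3 = 4 bytes */
    return s;
}

/* Assumed policy: one finding for GD, one per enabled kernel-address breakpoint. */
static int audit_debug_regs(const uint32_t dr[4], uint32_t dr7, int verbose)
{
    static const char *rw_name[] = { "execute", "write", "I/O", "read/write" };
    static const int len_bytes[] = { 1, 2, 8, 4 };
    int n, findings = 0;

    if (dr7 & DR7_GD) {
        findings++;
        if (verbose) puts("DR7.GD set: debug registers are guarded");
    }
    for (n = 0; n < 4; n++) {
        struct bp_slot s = dr7_slot(dr7, n);
        if (!s.enabled || dr[n] < KERNEL_BASE)
            continue;   /* user-space breakpoints are normal debugger use */
        findings++;
        if (verbose)
            printf("DR%d=0x%08x %s breakpoint, %d byte(s)\n", n,
                   (unsigned)dr[n], rw_name[s.rw], len_bytes[s.len]);
    }
    return findings;
}

int main(void)
{
    printf("%d finding(s)\n", audit_debug_regs(SAMPLE_DR, SAMPLE_DR7, 1));
    return 0;
}
```

On a live system the register values would have to be read in ring 0; with GD set, that read itself raises a debug exception before the MOV completes.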

Re: curuncula dbr rootkit detection tool May 22 2009 10:53AM
Forums (forums htbindustries org) (1 replies)
RE: curuncula dbr rootkit detection tool May 25 2009 04:44PM
Jeremi Gosney (Jeremi Gosney motricity com)
Copyright 2010, SecurityFocus