Focus on IDS
New release of Unhide (2011-01-13) Feb 07 2011 07:14PM
Yago Jesus (yjesus security-projects com)
Unhide is a forensic tool to find hidden processes and TCP/UDP ports
hidden by rootkits / LKMs or by other hiding techniques.

// Unhide (ps)

Detects hidden processes. Six different techniques are implemented:

- Comparing /proc vs /bin/ps output
- Comparing information gathered from /bin/ps with information
gathered by walking through the procfs.
- Comparing information gathered from /bin/ps with information gathered
from syscalls (syscall scanning).
- Full PIDs space occupation (using PIDs bruteforcing)
- Reverse search, verifying that every thread seen by ps is also
seen by the kernel (/bin/ps output vs /proc, procfs walking and
syscall)
- Quick comparison of /proc, procfs walking and syscall vs /bin/ps output.

// Unhide-TCP

Identifies TCP/UDP ports that are listening but not listed by
/bin/netstat, by bruteforcing every available TCP/UDP port.

Changes in this release:

[+] New tests added.
[+] Now, Unhide is more modular, allowing the selection of single
tests (or metatests)
[+] New project homepage released: http://www.unhide-forensics.info

Regards!
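As an added illustration (not Unhide's own source), the PID-space bruteforce and procfs checks listed in the announcement can be combined into a single scan: probe every PID with kill(2) signal 0 and report those the kernel acknowledges but /proc does not expose. It assumes Linux with procfs mounted and /proc/sys/kernel/pid_max readable; the function names are the example's own.

```c
/* Added illustration, not Unhide's source: PID-space brute force vs procfs. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Kernel-side probe: signal 0 delivers nothing. ESRCH means no such process,
 * EPERM means it exists but belongs to someone else. */
int pid_known_to_kernel(pid_t pid) { return kill(pid, 0) == 0 || errno == EPERM; }

/* procfs-side probe. Thread IDs are not listed by readdir() on /proc but can
 * still be stat()ed directly, so threads do not cause false positives. */
int pid_in_procfs(pid_t pid)
{
    char path[32];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Upper bound of the PID space; falls back to the classic 32768. */
long read_pid_max(void)
{
    long max = 32768;
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f && fscanf(f, "%ld", &max) != 1) max = 32768;
    if (f) fclose(f);
    return max;
}

/* Walk every PID. One the kernel acknowledges but procfs does not expose is
 * suspicious; a second kill() probe drops processes that merely exited between
 * the two checks. Returns the count (at most 'cap' stored in 'out'), or -1 if
 * /proc is not mounted. */
int scan_hidden_pids(pid_t *out, size_t cap)
{
    struct stat st;
    long top = read_pid_max(), pid;
    int found = 0;
    if (stat("/proc/self", &st) != 0) return -1;
    for (pid = 1; pid <= top; pid++) {
        if (!pid_known_to_kernel((pid_t)pid) || pid_in_procfs((pid_t)pid)) continue;
        if (!pid_known_to_kernel((pid_t)pid)) continue; /* exited: a race, not a rootkit */
        if ((size_t)found < cap) out[found] = (pid_t)pid;
        found++;
    }
    return found;
}
```

On a clean system the scan returns 0; any PID it does report deserves the same follow-up Unhide's other tests give it (cross-check with /bin/ps and the syscall view) before treating it as a hidden process.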

Copyright 2010, SecurityFocus