(Page 2 of 4)   < Prev  1 2 3 4  Next >

Category: Auditing » Backdoors

Vision
Added 2002-02-26
by Foundstone
Vision, Foundstone's newest forensic product, is an essential part of a computer security professional's tool-kit. Vision maps all of a host's executables to corresponding ports, allowing you to identify and investigate suspicious services. Vision enables you to interrogate suspect services to identify backdoors and Trojan applications. If a malicious service is identified, Vision allows you to immediately kill it.

BlackList Scanner
Added 2001-10-22
by James B. Nickson
The advantages of automated blacklist scanning include: -New lists can be incorporated immediately -Many NT servers can force a scan for the attaching system at logon -extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a had (or editing a batch file). -Very high speed Very compact for wide distribution -Component testability, not just a magic package that may work and often fails. -Extensibility into other areas/applets with River Techniques (tm)

PassDump
Added 2001-10-22
by janker
Dump the logging user's crypted password from memory to a file

Code Red v3 (aka Code Red II) Fix
Added 2001-10-22
by Richard Puckett
CD3FIX.EXE Code Red v3 Trojan Removal & Script Mapping Remediation Utility rpuckett@cisco.com 1. Looks for active EXPLORER.EXE processes and deletes those that have an execution path from the root of C:\ or D:\ 2. Unhides and deletes EXPLORER.EXE files in root of C:\ & D:\, deletes ROOT.EXE in /scripts and /MSADC directories 3. Removes SFCDisable from the Winlogon subkey of HKLM 4. Repairs the "...,,217" extensions from any of the values in the Virtual Root subkey of /W3SVC 5. Checks for static mappings in the ScriptMap subkey 6. Iterates the IIS 5.0 Metabase for .IDC, .IDA & .IDQ extension mappings and removes them 7. Creates a log file on C:\ (C:\cd3fix.log) 8. Reboots the box.

NFR BackOfficer Friendly
Added 2001-10-22
by NFR Security
NFRŪ BackOfficer Friendly is a useful little burglar alarm - simple, unobtrusive, and easy to install - which rings when someone rattles your doorknob. It identifies attacks from Back Orifice, one of the nastier hacking applications, as well as other sorts of scans. NFR is currently offering BackOfficer Friendly as a FREE download for personal use only.

Purge-It
Added 2001-10-22
by Purge It, support@purge-it.com
Purge-It! is a Anti-Trojan/Backdoor and Anti-Malware Suite. It heavily resides on the capability of the End-user. In order to deploy Purge-It! at its full strength the user needs to know at least the basics. It's up to the End-User to develop generic methods at monitoring the integrity of their system.

tini
Added 2001-10-22
by Arne Vidstrom
"tini" is a simple and very small (3kb) backdoor for Windows, coded in assembler. It listens at TCP port 7777 and gives anybody who connects a remote Command Prompt. Version 1.2 fixes a bug in the first version so it now works on Windows 9x too.

CrucialADS
Added 2001-10-22
by Crucial Security
CrucialADS is a GUI based Alternate Data Stream scanning tool. CrucialADS is designed to quickly and easily detect the presence of Alternate Data Streams in NTFS files and directories.

ForixNT
Added 2001-10-22
by Forix Business Solutions, Inc.
ForixNT is an NT vulnerability scanner...and so much more! ForixNT is a flexible, extensible toolkit that NT administrators can use to automate policy-based security management in a way that fits their infrastructure. Rather than spending $1000's for a commercial product, NT administrators can use ForixNT to collect configuration information from NT systems across the enterprise. For example, ForixNT collects: Host information (Service Pack, HotFixes, modems, trusted domains, etc) Services (state, account each service runs under, etc) Registry key values "Trojan Keys" (see my article, "What you really need to know about network backdoor "trojan" programs"on NT) Audit settings (what events are being audited...if any) EventLog settings (via the Registry) File Permissions (checks for NTFS file system first...even remotely) Registry Permissions Domain Account Policy

NDiff
Added 2001-10-22
by James Levine
NDiff compares two nmap scans and outputs the differences. It allows monitoring of your network(s) for interesting changes in port states and visible hosts. Viewing results in this manner eliminates the need to sift through voluminous raw scan output in search of the few noteworthy differences. It should be useful to network administrators, security analysts, and other interested parties who need to monitor large networks in an organized fashion.

Search Tools
Keyword:
Platform:
Category:
Browse by category
Auditing
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Sniffers
Recovery
Passwords
Utilities
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
Authentication
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Replacement
Libraries, Applications
Programming
Libraries
Cryptography
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Rootkits
Secure Deletion
Hardening
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


 

Privacy Statement
Copyright 2010, SecurityFocus