RKDetect (RootKit Detect)

Author:
Sergey V. Gordeychik
Description:

RKDetect is a small anomaly detection tool that can find services hidden by generic Windows rootkits such as Hacker Defender. The tool enumerates the services on a remote computer via WMI (user level) and the Services Control Manager (kernel level), then compares the two results and displays any difference. In this way it can find hidden services, which are usually used to start rootkits. A similar approach can be used to enumerate processes, files, registry keys and anything else that rootkits usually hide.

Attachment: rkdetect.zip
Size: 16.1 KB
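
The cross-view comparison described above, as an added example that is not RKDetect's own code: it parses two constructed service listings, one in the CSV shape of `wmic service get Name,State /format:csv` and one in the shape of `sc query state= all`, and reports names that appear in only one view. Collecting the views with those two commands, the host name `HOST01` and the service `ExampleHiddenSvc` are assumptions made for illustration.

```python
import csv, io, re

# Constructed WMI view, shaped like `wmic service get Name,State /format:csv`.
WMI_CSV = """Node,Name,State
HOST01,Dhcp,Running
HOST01,Spooler,Stopped
"""

# Constructed SCM view, shaped like `sc query state= all`; "ExampleHiddenSvc"
# is a made-up service that is missing from the WMI view above.
SC_QUERY = """
SERVICE_NAME: dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 30  WIN32
        STATE              : 4  RUNNING

SERVICE_NAME: ExampleHiddenSvc
DISPLAY_NAME: Example Hidden Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        TYPE               : 110  WIN32_OWN_PROCESS  (interactive)
        STATE              : 1  STOPPED
"""

def parse_wmi_csv(text):
    # Map lowercased service name -> state; strip() drops wmic's leading blank line.
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {r["Name"].strip().lower(): r["State"].strip() for r in rows if r.get("Name")}

def parse_sc_query(text):
    # Map lowercased service name -> state from sc.exe's block-per-service output.
    services, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*SERVICE_NAME:\s*(\S.*?)\s*$", line):
            name = m.group(1).lower()
            services[name] = "UNKNOWN"
        elif name and (m := re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)):
            services[name] = m.group(1)
    return services

def cross_view_diff(wmi, scm):
    # Service names are case-insensitive on Windows, so keys are compared lowercased.
    return {"only_in_scm": sorted(scm.keys() - wmi.keys()),
            "only_in_wmi": sorted(wmi.keys() - scm.keys())}

if __name__ == "__main__":
    print(cross_view_diff(parse_wmi_csv(WMI_CSV), parse_sc_query(SC_QUERY)))
```

Take both listings as close together in time as possible, since a service installed or removed between the two snapshots shows up as a difference as well.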
