Supplemental Resources and Links for Episode #9

Resource links for Security Now! Episode #9:

Rootkits

 UPDATE: 11/14/2005
 A FREE, new Rootkit Hook Analyzer
The folks at "Resplendence" (I use several of their products) just sent me a note about their just-released "Rootkit Hook Analyzer" which compares the current kernel hook table to the original copy and shows any differences. This will show any "API services" that are being "hooked" and possibly altered and can be an indication of rootkit technology in a machine.

 The SysInternals Rootkit Revealer Home Page

This is the terrific freeware tool Leo and I discuss which is able to find and identify resources being deliberately hidden inside any Windows PC.

Note that there ARE some commercial anti-virus tools which use rootkit hiding technology for their own purposes. So the rootkit revealer might "reveal" things that are NOT malicious. You will need to do a bit of checking to determine WHAT it is showing you . . . but at least you will know what's really going on inside your system.

 Microsoft Research Strider Ghostbuster Rootkit Detection

This is the home page for Microsoft Research's Strider Ghostbuster rootkit detection research. The page has MANY useful links for further examination and research.

 Microsoft's malicious software removal tool

Although details are scarce, there are reports that the beta version of Microsoft's existing malicious software removal tool is adding rootkit detection capabilities. This is presumably to prevent its scans from being fooled and missing installed and known malware.

 F-Secure's "Blacklight" Rootkit detection (free during beta release)

F-Secure has their rootkit detection system in beta release. I haven't looked at it, but it might be worth giving a whirl.

Visiting the DARK SIDE . . .

 www.rootkit.com

This is the infamous "rootkit" web site containing a repository of hacking tools, source code, and dialog about all forms of system penetration and subversion.

 www.phrack.org

This is the legendary "Phrack" site. It contains the archive of Phrack, a cracker-oriented magazine where developers share flaws in security-related products, rootkit techniques, and other malware tips and tricks.


Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: May 04, 2013 at 17:12 (1,682.87 days ago)Viewed 3 times per day