Dailydave mailing list archives
Thoughts about Cross-View based Rootkit Detection
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Sun, 19 Jun 2005 13:40:56 +0200
Recently, cross-view based approach to rootkit detection, especially in regards to hidden files and registry keys, became very popular. This is mostly because of the recent release of the tools like Rootkit Revealer and Black Light as well as Microsoft research project, with a friendly name GhostBuster. Many people started to think that it is going to be the ultimate way for detecting all rootkits and system compromises in general... So, I decided to put some of my thoughts about this into a short article, which can be found here: http://invisiblethings.org/papers/crossview_detection_thoughts.pdf Best Regards, joanna. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Thoughts about Cross-View based Rootkit Detection Joanna Rutkowska (Jun 19)
- Re: Thoughts about Cross-View based Rootkit Detection Dave Aitel (Jun 19)
- fragging with rootkit detectors? Rodney Thayer (Jun 19)
- Re: fragging with rootkit detectors? Mark (Jun 20)
- fragging with rootkit detectors? Rodney Thayer (Jun 19)
- Re: Thoughts about Cross-View based Rootkit Detection Dave Aitel (Jun 19)