IDS mailing list archives

Re: rootkit and trojan hunting


From: "Nuno Treez" <nunotreez () gmail com>
Date: Thu, 27 Mar 2008 12:11:55 +0100

Return C, have you looked into system call hooking or system call
table modifications?

 Don't reinvent the wheel -- just use Tripwire.
 http://sourceforge.net/projects/tripwire/ for the open source version,

(sigh) What about learning?

"Give a man a fish and you feed him for a day. Teach a man to fish and
you feed him for a lifetime." Chinese Proverb

-- 
Nuno Treez
--
Being a pain in the Internet's ass since 1996.
--
Si vis pacem, para bellum. (Vegetius, Epitome rei militaris, 3. Praef.)
--
