Honeypots mailing list archives
Re: Kernel-level Rootkits
From: <mike () honeynet org>
Date: Mon, 9 Dec 2002 09:32:52 -0500 (EST)
Edward,

Check out Sebek, http://www.honeynet.org/papers/honeynet/tools/sebek-0.4.tar.gz

It's an LKM that monitors keystrokes and has supporting software to get the keystrokes off of the honeypot.

Mike

Hello everyone.

A question concerning kernel-level rootkits. Has anyone used a kernel-level rootkit (i.e. Knark, Adore, KIS) in a honeypot implementation? It would appear to have a few advantages, but only in the hands of someone who knew how to use it correctly.

If anybody has experimented with kernel-level rootkits, I would be interested in your results, as I am considering using a rootkit (after I learn how it works, of course) in a honeypot of my own.

Regards,
Edward W. Ray