Re: [Dailydave] DR Linux 2.6 rootkit released

From: Bas Alberts (bas.albertsimmunityinc.com)
Date: Thu Sep 04 2008 - 08:29:27 CDT



Hrmm .. didn't read moodNT .. mostly it's just a straight translation of
the IA software developers manual. MoodNT would have been referenced
otherwise. Read DR.c for the gritty details. It was written to be a
porting platform for existing syscall hooks. Very simple stuff.

In any event, I only wrote the debug register bit (DR.c) .. I think the
actual hooks and 'rootkit' functionality could be improved (read my
comments in source). Feel free to do so. For me the goal was just to
give a simple and clean hooking mechanism based on dr logic, that people
could plug into existing 'oldschool' rootkits.

Cheers,
Bas

ninjaboy wrote:
> 2008/9/3 Bas Alberts <bas.albertsimmunityinc.com>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> All,
>>
>> Immunity is releasing the DR Linux 2.6 IA32 rootkit under the GPLv2. It
>> is supported by CANVAS (and is thus commercially supported for your
>> penetration-testing needs) but is suitable for standalone use.
>>
>> Currently the rootkit can:
>>
>> o Hide processes
>> o Hide network sockets
>> o Hide files
>> o Get a remote MOSDEF Node (via hidden userland-backdoor)
>>
>
> good fork of mood-nt.
>

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave