New release of Unhide (2011-01-13)



Unhide is a forensic tool to find processes and TCP/UDP ports hidden
by rootkits / LKMs or by other hiding techniques.

// Unhide (ps)

Detects hidden processes. Six different techniques implemented:

- Comparing /proc vs /bin/ps output.
- Comparing information gathered from /bin/ps with information
  gathered by walking through the procfs.
- Comparing information gathered from /bin/ps with information gathered
  from syscalls (syscall scanning).
- Full PID space occupation (using PID bruteforcing).
- Reverse search, verifying that every thread seen by ps is also
  seen by the kernel (/bin/ps output vs /proc, procfs walking and
  syscall).
- Quick comparison of /proc, procfs walking and syscall vs /bin/ps output.

// Unhide-TCP

Identifies TCP/UDP ports that are listening but not listed in
/bin/netstat, by bruteforcing every available TCP/UDP port.


Changes in this release:

[+] New tests added.
[+] Now, Unhide is more modular, allowing the selection of single
tests (or metatests)
[+] New project homepage released: http://www.unhide-forensics.info

Regards!
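
The cross-view idea behind the process tests listed above (syscall scanning vs procfs walking over a bruteforced PID range), as an added Python example; it is not Unhide's code and is not part of the original announcement. The function names, the choice of getpgid() as the probing syscall and the recheck step that filters short-lived processes are assumptions made for this illustration.

```python
import errno
import os

def seen_by_syscall(pid):
    """Syscall view: getpgid() reports ESRCH only when the kernel has no such task."""
    try:
        os.getpgid(pid)
        return True
    except OSError as e:
        return e.errno != errno.ESRCH  # e.g. EPERM still proves the task exists

def seen_by_procfs_walk(pid):
    """procfs-walking view: look up /proc/<pid> directly instead of trusting a listing."""
    return os.path.isdir("/proc/%d" % pid)

def cross_view(pids, views, rechecks=2):
    """Return {pid: [views that miss it]} for PIDs on which the views disagree.

    views maps a name to a callable pid -> bool. A PID is reported only when the
    same disagreement shows up in every round, so a process that starts or exits
    between two probes is not flagged.
    """
    findings = {}
    for pid in pids:
        rounds = []
        for _ in range(rechecks + 1):
            missing = tuple(sorted(n for n, probe in views.items() if not probe(pid)))
            if not missing or len(missing) == len(views):
                break  # every view agrees: present everywhere or absent everywhere
            rounds.append(missing)
        else:
            if len(set(rounds)) == 1:
                findings[pid] = list(rounds[0])
    return findings

if __name__ == "__main__":
    # Live scan of the whole PID space (Linux). Run as root: with hidepid set on
    # /proc, an unprivileged user cannot see other users' entries and gets noise.
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    views = {"syscall": seen_by_syscall, "procfs": seen_by_procfs_walk}
    for pid, missing in sorted(cross_view(range(1, pid_max), views).items()):
        print("PID %d answers some views but not: %s" % (pid, ", ".join(missing)))
```

A PID reported here is a lead to examine further, not proof of a rootkit.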
