curuncula dbr rootkit detection tool



Hi,
I've released a little program named Curuncula.
Curuncula is a tool shipped as a loadable kernel module that aims to
detect rootkits based on the Intel debugging support facilities.
Rootkits that set the GD access flag are also detected. It makes use of
the "last branch recording" mechanism provided by the Intel
architecture. Supports both the 2.4 and 2.6 Linux kernels.
Complete source code can be found here:
http://packetstormsecurity.org/UNIX/audit/curuncula.tgz

I hope you find it useful.
Regards,
Giuseppe Cocomazzi

--
every day above ground is a good one.
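
For readers unfamiliar with the GD flag and debug-register breakpoints mentioned in the announcement, here is an added example (not taken from Curuncula's source) that decodes a DR7 value using the layout in the Intel SDM. The sample DR7 values and the `dr7_suspicious` heuristic are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 layout (Intel SDM): Ln/Gn enable bits for breakpoint n in bits 2n and
 * 2n+1, GD (general detect) in bit 13, R/Wn in bits 16+4n .. 17+4n.
 * Reading DR7 needs ring 0, so this example takes the value as an argument. */
#define DR7_GD (1u << 13)

struct dr7_report {
    int gd_set;        /* 1 if GD is set: any MOV to/from DRx raises #DB */
    int enabled_mask;  /* bit n set if breakpoint n is locally or globally enabled */
    int exec_mask;     /* bit n set if enabled breakpoint n breaks on instruction fetch */
};

struct dr7_report dr7_decode(uint32_t dr7)
{
    struct dr7_report r = {0, 0, 0};
    r.gd_set = (dr7 & DR7_GD) != 0;
    for (int n = 0; n < 4; n++) {
        uint32_t en = (dr7 >> (2 * n)) & 0x3;        /* Ln | Gn */
        uint32_t rw = (dr7 >> (16 + 4 * n)) & 0x3;   /* 00 = execute */
        if (!en)
            continue;                                /* slot not armed */
        r.enabled_mask |= 1 << n;
        if (rw == 0)
            r.exec_mask |= 1 << n;
    }
    return r;
}

/* Assumed heuristic: on a host where nothing legitimate uses hardware
 * breakpoints in kernel context, GD or any armed slot merits a closer look. */
int dr7_suspicious(uint32_t dr7)
{
    struct dr7_report r = dr7_decode(dr7);
    return r.gd_set || r.enabled_mask != 0;
}

int main(void)
{
    /* Constructed sample values, not captured from a real system. */
    uint32_t samples[] = { 0x00000400u, 0x00002401u, 0x00F0040Cu };
    for (int i = 0; i < 3; i++) {
        struct dr7_report r = dr7_decode(samples[i]);
        printf("dr7=%08x gd=%d enabled=%x exec=%x suspicious=%d\n",
               (unsigned)samples[i], r.gd_set, (unsigned)r.enabled_mask,
               (unsigned)r.exec_mask, dr7_suspicious(samples[i]));
    }
    return 0;
}
```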


