NTRootkit
From: zero (zeroboy_at_arrakis.es)
Date: 06/19/03
- Previous message: Marc Fossi: "Article Announcement: Tracking Down the Phantom Host"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Jun 2003 19:39:30 +0200 To: full-disclosure@lists.netsys.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I was wondering, if NTRootkit hooks syscalls, many of the current
programs used to detect running procs and hidden keys in register will
fail. So, how could you actually detect if syscalls have been hooked? I
belive you could see if new native calls have been added, but how can you
detect hooked and modified native calls?
Thxs in advance
www.citfi.org
www.podergeek.com
**********************************
"The further backward you look, the further forward you can see" Winston
Churchill
"Access is GOD..."
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPvHnQw0R8jZM93x8EQIW+gCcCQc/N5j4wq6yjAiZi0bQsKYVMegAoI90
F2Zp7FOM8O0q3EeZHFLj7Rv6
=r6/w
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------------
------------------------------------------------------------------------------
- Previous message: Marc Fossi: "Article Announcement: Tracking Down the Phantom Host"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
