Computer Security Super Tools (10) - Rootkit
2009-12-13 10:49
Hacker Defender
http://www.rootkit.com/board_project_fused.php?did=proj5
Short description: This is the Hacker Defender rootkit for Windows.
Long description: Hacker Defender was a very common rootkit in the wild. It sports a user-friendly ini file that controls its behaviour. It is a 98% userland rootkit, and some source code is available. There are also commercial versions of Hacker Defender that bring new functionality together with protection against antivirus products and rootkit detectors.
Linux Rootkit: Adore-ng
Linux Rootkit Detector: kstat
http://docs.sun.com/app/docs/doc/816-5166/kstat-1m?a=view
The kstat utility examines the available kernel statistics, or kstats, on the system and reports those statistics which match the criteria specified on the command line. Each matching statistic is printed with its module, instance, and name fields, as well as its actual value.
Kernel statistics may be published by various kernel subsystems, such as drivers or loadable modules; each kstat has a module field that denotes its publisher. Since each module might have countable entities (such as multiple disks associated with the sd(7D) driver) for which it wishes to report statistics, the kstat also has an instance field to index the statistics for each entity; kstat instances are numbered starting from zero. Finally, the kstat is given a name unique within its module.
Each kstat may be a special kstat type, an array of name-value pairs, or raw data. In the name-value case, each reported value is given a label, which we refer to as the statistic. Known raw and special kstats are given statistic labels for each of their values by kstat; thus, all published values can be referenced as module:instance:name:statistic.
When invoked without any module operands or options, kstat will match all defined statistics on the system. Example invocations are provided below. All times are displayed as fractional seconds since system boot.