Saturday - 29 Shahrivar 1399

Rootkit Detectors

chkrootkit

chkrootkit: Locally checks for signs of a rootkit. chkrootkit is a flexible, portable tool that can check for many signs of rootkit intrusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules.


RKHunter

RKHunter: A Unix rootkit detector. RKHunter is a scanning tool that checks for signs of various pieces of nasty software on your system, such as rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious strings in LKM and KLD modules.


Tripwire

Tripwire: The grand-daddy of file integrity checkers. A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. Traditionally an open source tool, Tripwire Corp is now focused …


Sysinternals

Sysinternals: An extensive collection of powerful Windows utilities. Sysinternals provides many small Windows utilities that are quite useful for low-level Windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with: ProcessExplorer for keeping an eye on the files and directories open by any process (like lsof on UNIX). PsTools for managing (executing, suspending, killing, detailing) local and remote processes. Autoruns for discovering what …
