Home page logo
/

basics logo Security Basics mailing list archives

Re: Hidden processes in windows
From: lukasz () piatek pl
Date: Thu, 27 May 2010 10:23:13 -0600

hi mate. dkom is the method you have been looking for. Unlinking some structures by using built in system calls 
(windows api has a few of them) may hide processes in Task Manager. I used to do it on Windows 2000 and up but did not 
try on latest Vista sp2. You may be interested in microsoft research library -- Detours.. Look after it.

Google has returned this: 
http://docs.google.com/viewer?a=v&q=cache:z7YBr4F0cyAJ:www.terena.org/activities/tf-csirt/meeting27/oesterberg-rootkits.pdf+doubly+linked+list&hl=es&pid=bl&srcid=ADGEEShi0qlfkpEa79kiBc3MTplQJ_Ah_4xN0PiHHUlpXa-6EeahY5-j8UW4fRSx5yBaLzhCZ6QCHBv_KfLkB8waUlRc1c7yS7MewoPS-WUzS_1FA_Tk5fpP95S32Whe4dJ71OfrhRB4&sig=AHIEtbQ9SeZUFKOQ2FJEixcFmCa65sPq5g

It may be worth looking. Many rootkits use this method to hide themselves.

Regards,
Lukasz Piatek

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]