|
Dailydave
mailing list archives
Re: DR Linux 2.6 rootkit released
From: "Pierre Falda" <darkangel () antifork org>
Date: Thu, 4 Sep 2008 13:39:51 +0200
Hi people,
if someone else is still interested in these things and wants to see an
'old' code, in 2006 i have published an article and a 2.4.x/2.6.x (tested
until .19) linux rootkit
which loads itself through kmem and fully implements these techniques. It's
a full working rootkit with a debug registers engine and with
anti detection checks via GD and CPU emulation to protect itself too. It has
all modern rootkits hiding features, anti detection extra features
like kmem/mem/kcore/procfs on the fly patching and most add-ons like TTY and
applications sniffing. It works watching SCT and supports
syscall invocations through int 80 and sysenter and so on.
You can find the source code here:
http://packetstormsecurity.org/UNIX/penetration/rootkits/mood-nt_2.3.tgz
or here
http://darkangel.antifork.org/codes.htm
The article about the hardware engine (in Italian) is here
http://darkangel.antifork.org/publications/Abuso%20dell%27Hardware%20nell%27Attacco%20al%20Kernel%20di%20Linux.pdf
and if you want the printed version in a scientific publication you can go
here:
http://www.atsystem.org/en/conventions/nss06/convention+proceedings
Have a nice day!
Pierre Falda 'darkangel'
http://darkangel.antifork.org
Antifork Research Inc.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
| 
Intro
