1 Aug 2008 09:19
Tool Release: ProcL - Detect Hidden Process
Pallav Khandhar <pallav.khandhar <at> gmail.com>
2008-08-01 07:19:50 GMT
2008-08-01 07:19:50 GMT
Greetings, I am glad to release ProcL v1.0. ProcL employs many different methods to detect hidden processes. Essentially, ProcL detailed and implemented a mechanism to embed all these different approaches in one tool to detect hidden processes. Our methods of detecting hidden processes requires the examination of each kernel object - EPROCESS, ETHREADS, HANDLES, JOBS. Therefore, we believe, ProcL would defeat process concealment from one certain method. Hiding a process is particularly threatening because it represents some malicious code running on your system that you are completely unaware of. Process hiding has a significant effect. Many of the trojan, virus, spyware, rootkit writers use similar techniques to hide themselves and stay undetected as long as possible on target machines. Finding all the ways a rootkit might hide a process is just the first step in defending against the rootkits. Detecting hidden objects is a promising new area in rootkit detection. For more information on the tool http://www.scanit.net/rd/tools/03 Download the tool http://www.scanit.net/files/tools/ProcL.zip Cheers, Pallav Khandhar Sr. Security Researcher Scanit R&D Lab(Continue reading)
RSS Feed