Tuesday 18 November 2014

Unhide: finding processes hidden by rootkits

Unhide is a forensic tool that finds processes hidden by rootkits, malicious Linux kernel modules or other techniques. Its approach is to cross-check what /bin/ps reports against what the kernel itself reveals through /proc and through syscalls. It uses six tests; the ones marked "Linux 2.6 version only" exist only in the Linux 2.6 build (unhide-linux26), not in the portable unhide-posix build:

    1- Compare the /proc directory listing against /bin/ps output.
    2- Compare the information gathered from /bin/ps with the information gathered by walking through the procfs (the per-process entries under /proc). Linux 2.6 version only.
    3- Compare the information gathered from /bin/ps with the information gathered from syscalls (syscall scanning).
    4- Occupy the full PID space, i.e. probe every possible PID (PID bruteforcing), so that a process hidden from the /proc listing still shows up when the kernel is asked about it directly. Linux 2.6 version only.
    5- Compare /bin/ps output against /proc, procfs walking and syscalls together, then run a reverse search: verify that every thread seen by ps is also seen by the kernel, which catches a tampered ps rather than a hidden process. Linux 2.6 version only.
    6- Quick comparison of /proc, procfs walking and syscalls against /bin/ps output: faster than running tests 1 to 3 separately, but more prone to false positives. Linux 2.6 version only.

The package also ships a companion tool, unhide-tcp, which finds TCP and UDP ports that are listening but are not shown by /bin/netstat, by brute-forcing the whole port range.
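The script below is an added illustration, not Unhide's own code, that reimplements three of the checks above in Python so the logic is visible: test 1 (/proc listing vs ps), test 4 (PID bruteforce via kill(pid, 0) vs ps) and the reverse search of test 5 (ps entries unknown to the kernel). It assumes a Linux host with procps ps (for the -eLo pid=,lwp= syntax) and /proc/sys/kernel/pid_max; the set-comparison helpers are pure functions so they can be checked on constructed data.

```python
#!/usr/bin/env python3
"""Added illustration (not Unhide's own code) of three of Unhide's checks:

  test 1: /proc/<pid> directories            vs process IDs reported by ps
  test 4: PID-space brute force, kill(pid,0) vs thread IDs reported by ps
  test 5 reverse search: every ID ps reports must also be known to the kernel

Assumes Linux with procps `ps` (-eLo pid=,lwp=) and /proc/sys/kernel/pid_max.
"""
import os
import subprocess


def parse_ps_threads(ps_output):
    """Parse `ps -eLo pid=,lwp=` output (one "PID TID" pair per line, no
    header) into the set of process IDs and the set of thread IDs."""
    pids, tids = set(), set()
    for line in ps_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and all(f.isdigit() for f in fields):
            pids.add(int(fields[0]))
            tids.add(int(fields[1]))
    return pids, tids


def ps_view():
    """Userland view: what an administrator running ps sees. The ps child
    lists itself but has exited by the time we query the kernel, so its own
    PID is dropped to avoid a spurious reverse-search hit."""
    with subprocess.Popen(["ps", "-eLo", "pid=,lwp="],
                          stdout=subprocess.PIPE, text=True) as proc:
        out, _ = proc.communicate()
    pids, tids = parse_ps_threads(out)
    return pids - {proc.pid}, tids - {proc.pid}


def proc_listing():
    """Test 1 collector: every purely numeric entry under /proc is a visible
    PID. A rootkit hooking readdir()/getdents() on /proc hides entries here."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def bruteforce_pids(max_pid=None):
    """Test 4 collector: probe the whole PID space with kill(pid, 0).

    Signal 0 delivers nothing but still makes the kernel look the ID up:
    ESRCH (ProcessLookupError) means no such task, EPERM (PermissionError)
    means it exists but belongs to another user. This bypasses a filtered
    /proc listing. Note that Linux kill() also accepts thread IDs, so the
    result is compared with ps's thread list, not its process list.
    Python needs a few seconds for a pid_max of several million.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def hidden_ids(kernel_view, ps_seen, ignore=()):
    """IDs the kernel knows about but ps does not list: candidate hidden
    processes. `ignore` is for IDs legitimately absent from ps output."""
    return sorted((kernel_view - ps_seen) - set(ignore))


def ghost_ids(kernel_view, ps_seen):
    """Test 5 reverse search: IDs ps reports that the kernel does not.
    A non-empty result means ps (or a library it loads) is lying."""
    return sorted(ps_seen - kernel_view)


def still_hidden(candidates):
    """Second pass against the race between snapshots (processes that start
    or exit in between): keep only IDs still present in /proc and still
    missing from a fresh ps listing. /proc/<tid> is stat-able for threads
    even though it is not listed by readdir()."""
    _, fresh_tids = ps_view()
    return [i for i in candidates
            if os.path.isdir(f"/proc/{i}") and i not in fresh_tids]


if __name__ == "__main__":
    ps_pids, ps_tids = ps_view()
    suspects = still_hidden(hidden_ids(proc_listing(), ps_pids))
    print("test 1  /proc listing vs ps :", suspects or "nothing hidden")
    suspects = still_hidden(hidden_ids(bruteforce_pids(), ps_tids))
    print("test 4  kill(pid,0) vs ps   :", suspects or "nothing hidden")
    ghosts = ghost_ids(proc_listing(), ps_pids)
    print("test 5  reverse search      :", ghosts or "ps is consistent")
```

Run it as root so that kill(pid, 0) and /proc are not restricted by hidepid or permission checks. A process that exits between the ps snapshot and the /proc walk can still appear as a reverse-search hit; re-running the script and seeing the same ID again is what turns a candidate into a finding, which is also why Unhide repeats its own checks.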


