Jump to content
Nytro

Unhide

By Nytro, in Programe securitate

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. Unhide runs in Unix/Linux and Windows Systems. It implements six main techniques.

Features

  • Compare /proc vs /bin/ps output
  • Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for unhide-linux version
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full PIDs space ocupation (PIDs bruteforcing). ONLY for unhide-linux version
  • Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for unhide-linux version. Reverse search, verify that all thread seen by ps are also seen in the kernel.
  • Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for unhide-linux version. It’s about 20 times faster than tests 1+2+3 but maybe give more false positives.

URL: http://www.unhide-forensics.info

Via: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers

fed Newbie

fed

Posted
Posted
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. Unhide runs in Unix/Linux and Windows Systems. It implements six main techniques.

Features

  • Compare /proc vs /bin/ps output
  • Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for unhide-linux version
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full PIDs space ocupation (PIDs bruteforcing). ONLY for unhide-linux version
  • Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for unhide-linux version. Reverse search, verify that all thread seen by ps are also seen in the kernel.
  • Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for unhide-linux version. It’s about 20 times faster than tests 1+2+3 but maybe give more false positives.

URL: http://www.unhide-forensics.info

Via: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers

Cum opresc hidden pid-urile?

Am incercat cu Process Explorer si TcpView de la Sysinternals inclusiv taskkill /f /pid ... : error the process ... not found

fed Newbie

fed

Posted
Posted (edited)
Ce e ala "hidden pid"? Te referi la rootkit-uri?

Programul scaneaza si afiseaza Found Hidden port si Found HIDDEN PID:

Edited by fed
fed Newbie

fed

Posted
Posted
Daca ai antivirus, e posibil sa fie de la self defence-ul sau.

Nu am.

Auto kill hidden processes doar pe var linux/unix ( for P in `unhide sys | grep -v “\*” | grep -i HIDEEN | cut -f2 -d':’ | awk ‘{print $1}’`; do kill -9 $P; done; ) , pacat pe win for ramane hidden in continuare plm rootkiturile

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...