Anti-Exploit

[westside159]

Real-time exploits tracking with Anti-Exploit

Author: Danny, IT-Observer Staff

Wednesday, 14 September 2005, 10:25 GMT

The security industry managed to develop a comprehensive set of computer forensics tools, both free and commercial, that could help IT professionals to track down the tools used to attack their networks. Even though the advanced features they utilize, their limitations eventually tend to leave IT experts without a determined answer.

Computer forensics tools were designed to investigate and find digital evidence after a computer incident has occurred. However, in most incidents it??€™s uncommon for hackers to leave any traces that might lead to their tools or their existence.

This is a review of the first on-access Anti-Exploit scanner. Anti-Exploit can help IT professionals to discover local attackers before they manage to execute malicious programs.

The Anti-Exploit exploit scanner utilizes kernel features to identify suspicious files when they are created or used. Anti-Exploit tags suspicious file by checking its md5 value (will be changed to signature-based) and comparing it against a database of well-known malicious tools such as exploits, rootkits, etc.

Anti-Exploit does not require any special modules for installation and on most systems it will be installed smoothly. The only additional package required is Dazuko Linux kernel module, which provides an interface for file system access control. Anti-Exploit comes with a configuration file, enables one to modify settings such as proxy information (for updates), email alerts and more. It must be edited prior executing the final installation step.

Download:

ftp://ftp.h07.org/pub/h07.org/projects/security