[Restored] Windows Rootkit Related Links
This is Google's cache of http://bbs.driverdevelop.com/simple/index.php?t103043.html as retrieved on 7 December 2006 13:01:31 GMT.
zzq191 2005-11-29 20:08
http://club.safechina.net/viewthread.php?tid=1260

KMK 2005-11-29 20:10
http://www.rootkit.com/index.php

AllenZh 2005-11-29 20:20
QUOTE: The following quotes KMK's post of 2005-11-29 12:10:
http://www.rootkit.com/index.php

johnzhou 2005-11-29 20:30
Why make it so complicated

johnzhou 2005-11-29 20:49
Let me post it here: http://club.safechina.net/
It's only so-so, not as good as the foreign one. ^_^

yuanyuan 2005-11-29 20:58
Let me take a look first

bdragonh 2005-11-29 22:10
1123

wwwhb2000 2005-11-29 22:26
aaaaaa

xiangshifu 2005-11-29 22:53
Heh, don't pull that trick from the h site!!

Featured 2005-11-30 00:08
abc

xyzreg 2005-11-30 01:03
FT ______

xyzreg 2005-11-30 01:05
Geez, just this? This one is also set to require a reply before you can view it? Sweat...

bmyyyud 2005-11-30 01:13
QUOTE: The following quotes KMK's post of 2005-11-29 12:10:
http://www.rootkit.com/index.php
Long time no see, hehe...

1qaz 2005-11-30 18:06
????

tony163163 2005-11-30 23:00
Replying. Showing some support.

lzc03121102 2005-12-01 07:31
Bump..... bump bump

fscv 2005-12-02 02:34
Bump..... bump bump

phy 2005-12-02 06:38
What treasure is this?

looneyxp 2005-12-04 03:38
A new term, huh

vancaho 2005-12-05 05:54
see see

zealsoft_zhu 2005-12-05 18:12
I'll drop in too

lhzh114 2005-12-05 23:01
Does it need to be this complicated?
yphuan 2005-12-06 09:00
dddd

lzc03121102 2005-12-07 08:02
Bump........ bump bump

apollozyt 2005-12-07 18:33
Support

gz818 2005-12-09 00:33
Title: Windows Rootkit Related Links

Maintainer: 小四 <scz@nsfocus.com>
Link: http://www.opencjk.org/~scz/200402170928.txt
Created: 2004-02-17 09:28
Updated: 2005-01-24 15:25

--
If you have recommendations, please e-mail <scz@nsfocus.com>. Thank you.
--

[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]
     http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf

[ 2] TOCTOU with NT System Service Hooking
     http://www.securityfocus.com/archive/1/348570

     TOCTOU with NT System Service Hooking Bug Demo
     http://www.securesize.com/Resources/hookdemo.shtml

[ 3] Hooking Windows NT System Services
     http://www.windowsitlibrary.com/content/356/06/1.html
     http://www.windowsitlibrary.com/content/356/06/2.html

[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <Kodmaker@syshell.org>
     http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt

[ 5] Kernel-mode backdoors for Windows NT - firew0rker <firew0rker@nteam.ru>
     http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt

[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]
     http://www.security.org.sg/code/kproccheck.html
     http://www.security.org.sg/code/KProcCheck-0.1.zip
     http://www.security.org.sg/code/KProcCheck-0.2beta1.zip

[ 7] port/connection hiding - akcom[2004-06-18]
     http://www.rootkit.com/newsread_print.php?newsid=143

[ 8] Process Invincibility - metro_mystery[2004-06-13]
     http://www.rootkit.com/newsread_print.php?newsid=139

[ 9] KCode Patching - hoglund[2004-06-06]
     http://www.rootkit.com/newsread_print.php?newsid=152
     http://www.rootkit.com/vault/hoglund/migbot.zip

[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]
     http://www.rootkit.com/newsread_print.php?newsid=137

[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]
     http://www.rootkit.com/newsread_print.php?newsid=151

[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]
     http://www.rootkit.com/newsread_print.php?newsid=135

[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]
     http://www.rootkit.com/newsread_print.php?newsid=134
     http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]
     http://www.rootkit.com/newsread_print.php?newsid=153

[15] Byepass Scheduler List Process Detection - SoBeIt <kinvis@hotmail.com>[2004-04-25]
     http://www.rootkit.com/newsread_print.php?newsid=117

[16] Detecting Hidden Processes by Hooking the SwapContext Function - kkasslin[2004-08-03]
     http://www.rootkit.com/newsread_print.php?newsid=170

[17] Loading Rootkit using SystemLoadAndCallImage - Greg Hoglund <hoglund@ieway.com>[2000-08-29]
     http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0114.html
     http://seclists.org/lists/bugtraq/2000/Aug/0408.html
     http://marc.theaimsgroup.com/?l=ntbugtraq&m=96766147118874&w=2
     http://www.securityfocus.com/archive/1/79379/2002-11-30/2002-12-06/0

[18] A *REAL* NT Rootkit, patching the NT Kernel - Greg Hoglund <hoglund@ieway.com>[1999-09-09]
     http://www.phrack.org/phrack/55/P55-05

[19] Win2K/XP SDT Restore 0.2 (Proof-Of-Concept) - Tan Chew Keong[2004-10-01]
     http://www.security.org.sg/code/sdtrestore.html
     http://www.security.org.sg/code/SDTrestore-0.1.zip
     http://www.security.org.sg/code/SDTrestore-0.2.zip

     Disabling Sebek Win32 Client by Direct Service Table Restoration - Tan Chew Keong[2004-07-17]
     http://www.security.org.sg/vuln/sebek215-2.html

[20] Sebek is a tool to capture the attacker's activities on a honeypot
     http://www.honeynet.org/tools/sebek/

     Sebek client for Win2000 and WinXP
     http://www.honeynet.org/tools/sebek/sebek-win32-2.1.5-src.zip

[21] Advanced Windows 2000 Rootkits Detection - Jan K. Rutkowski <jkrutkowski@elka.pw.edu.pl>
     http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-rutkowski/bh-us-03-rutkowski-r2.pdf
     http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-rutkowski/rutkowski-antirootkit.zip

[22] Windows Key Logging and Counter-Measures - Chew Keong TAN <chewkeong@hotmail.com>
     http://pachome2.pacific.net.sg/~chewkeong/keylogr.pdf

[23] Windows NT System-Call Hooking/Dr. Dobb's Journal January 1997
     - Mark Russinovich <mark@osr.com> and Bryce Cogswell <cogswell@cs.uoregon.edu>
     http://www.exetools.com/forum/showthread.php?p=23296
     http://www.exetools.com/forum/p_w_upload.php?p_w_uploadid=1751(9701.rar 253.6KB)
     (three post minimum required)

[24] Kernel Filter Driver Example & Article (very good)
     Designing A Kernel Key Logger/A Filter Driver Tutorial - Clandestiny <clandestiny@despammed.com>[2004-09-01]
     http://www.woodmann.net/forum/showthread.php?t=6312
     http://www.woodmann.net/forum/p_w_upload.php?p_w_uploadid=1084(Klog 1.0.zip 139.8KB)

[25] Hide'n'Seek? Anatomy of Stealth Malware
     http://www.blackhat.com/presentations/bh-europe-04/bh-eu-04-erdelyi/bh-eu-04-erdelyi-paper.pdf
     (a general overview of rootkit hiding techniques; not of much value)

[26] A more stable way to locate real KiServiceTable - 90210[2004-08-12]
     http://www.rootkit.com/newsread_print.php?newsid=176

[27] Bypassing SDT Restore tool - Opc0de[2004-10-11]
     http://www.rootkit.com/newsread_print.php?newsid=200
     http://www.rootkit.com/vault/Opc0de/Bypassing_SDT_Restore.zip

[28] Writing Trojans that bypass Windows XP Service Pack 2 Firewall - <americanidiot@hushmail.com>[2004-10-12]
     http://marc.theaimsgroup.com/?l=full-disclosure&m=109759186016337&w=2

[29] Concepts for the Stealth Windows Rootkit - Joanna Rutkowska <joanna@mailsnare.net>[2003-09]
     http://invisiblethings.org/papers/chameleon_concepts.pdf

[30] Rootkits Detection on Windows Systems - Joanna Rutkowska <joanna@invisiblethings.org>[2004-10]
     http://invisiblethings.org/papers/ITUnderground2004_Win_rtks_detection.ppt
--------------------------------------------------------------------------------

romatodi 2005-12-11 17:55
hao

dragonxu 2005-12-12 20:50
bollll

myth123 2005-12-13 05:59
ffffff

slowwind2008 2006-01-11 05:22
it is so good

ysy 2006-01-11 17:33
dsfds

afree 2006-01-12 05:56
Taking a look, hide-and-seek

adir 2006-06-29 09:22
seesee

vonsy 2006-06-29 17:48
rootkit resource look bbq

aganno2 2006-07-03 10:13
You have to bump before you can view it?

wangjianfeng 2006-07-03 15:49
Good, thanks for posting.

zqw2006 2006-07-10 15:10
Show It?

xinwanjiang 2006-07-11 11:28
SB............

shijiaoan19 2006-07-12 18:05
kan kan kan

frankvista 2006-07-13 18:12
QUOTE: Quoting post #0 by zzq191 of 2005-11-29 20:08, "Windows Rootkit Related Links":
This is a quoted hidden post

jetlan 2006-07-20 13:51
ding

jetlan 2006-07-20 14:00
ding

Gxter 2006-07-20 23:05
士大夫士大夫

sagasw 2006-07-24 22:19
Such a hassle; taking a look

stanlyburg 2006-07-25 08:03
I know there's www.rootkit.com

freducn2002 2006-07-25 09:57
kankanxian

wangfs111222 2006-07-25 23:03
ding ding

akain 2006-07-27 16:59
dddd

sunzm 2006-08-12 22:07
Taking a look

z.b.Azy 2006-08-14 14:56
rootkit.com