Search Results for "rootkits"

...It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows.

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique. Note 1: Unhide-linux repo has migrated to https://github.com/YJesus/Unhide Please, report bugs or make pull requests on the new repo. Note 2: unhide-windows is no more maintained. Use tools like Gmer http://www.gmer.net/

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or automation. Rekall supports profile-free operation for many targets, reducing setup friction and making it easier to handle varied images in the field. Extensibility is a core theme, with a plugin API and notebook-friendly workflows for custom hunts and triage. ...

Reveal Rootkit detects processes hidden by rootkits. It is intended to run out of cron or similar services on a regular base and avoids verbose output as long as nothing was found. It's fast and shouldn't produce false positives. Reveal RootKit is tested mainly on Linux but should work on other POSIX systems with a /proc filesystem, too.

Trojan Scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. Since this script is relatively simple don't expect it to catch them all, but it helps to find these programs on e.g. shared servers. On those machines lots of users install many kinds of applications. These applications may introduce new vulnerabilities which would perhaps otherwise not be detected if not for a very alert sysadmin. ...

Inspiring Operating System replaces Windows 8, Vista, XP and Mac OS X. (Are you tired of nasty viruses, worms, trojans, rootkits, dialers, spyware, and malware?). If so, make a smart move and get a newbie friendly free Linux Operating System today!

Open source antivirus developed in C++. Detects and eliminates viruses, trojans, worms, adware, spyware, rootkits, also protects against phising attempts and network attacks.

Zeppoo allows you to detect rootkits on i386 and x86_64 architecture under Linux, by using /dev/kmem and /dev/mem. Moreover it can also detect hidden tasks, connections, corrupted symbols, system calls... and so many other things.

Nasty LKM Defender is a module wich protects Your system against some nasty modules (e.g. rootkits). Well mainly it protects sys_call_table and some other important functions (get_module_list, sys_query_module)

An Host-Based Intrusion detection system (for Unix) with modules in C and perl. It locally checks for signs of trojans, worms, rootkits, miss-configurations and other system problems.

checkps is a program to detect rootkits by detecting falsified output and similar anolomies. The ps check should work on anything with /proc, the (currently incomplete) netstat check is more linux specific