EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Posts: 4753
Topic: Z0mBiE rootkit
Posted: 27 February 2008 at 4:18am
Does anyone have links to this software? The Chinese server must be under heavy DDoS; I can't download IceSword from PJF's site.
Thanks.
Edited by EP_X0FF - 29 February 2008 at 6:21am
Ring0 - the source of inspiration
a_d_13
Senior Member
Joined: 08 September 2007
Posts: 266
Posted: 27 February 2008 at 5:35am
Here's a Rapidshare link.
The site seems to be alive (according to nmap), but it's REALLY slow....
Thanks,
--AD
EP_X0FF
Posted: 27 February 2008 at 6:17am
Thank you very much, I got the file. Just to test one interesting concept of a user-mode rootkit :)
Edited by EP_X0FF - 27 February 2008 at 6:29am
a_d_13
Posted: 27 February 2008 at 6:52am
No problem.
What concept are you testing, if I may ask?
Thanks,
--AD
EP_X0FF
Posted: 27 February 2008 at 6:56am
A user-land rootkit which hides its process from almost all detectors, except the most advanced ones. No hooks, no drivers. Just a concept for Windows XP SP2. This is the result of a dispute with my friend. I can post it here when I finish it (the last thing I must do is bypass BlackLight and IceSword v1.22).
Elite
Senior Member
Joined: 15 April 2007
Location: United States
Posts: 175
Posted: 27 February 2008 at 8:13am
Can't wait.
4 > 1
EP_X0FF
Posted: 27 February 2008 at 8:42am
I can make it multiplatform, add support for Windows 2003, Vista and Windows 2008, but I doubt that this is really needed.
Added: Done, the latest BlackLight and IceSword v1.22en are bypassed.
Edited by EP_X0FF - 27 February 2008 at 9:09am
SystemPro
Senior Member
Joined: 26 April 2007
Location: Germany
Posts: 504
Posted: 27 February 2008 at 1:00pm
Quote: "User land rootkit, which hides its process from almost all detectors, except most advanced detectors. No hooks, no drivers. Just concept for Windows XP SP2."
Blue Pill Unknown-like, I guess.
EP_X0FF
Posted: 27 February 2008 at 4:19pm
No Blue Pills or other VT-related idiocy. Just a little user-land code.
Schtrudel
Newbie
Joined: 15 November 2005
Location: Israel
Posts: 35
Posted: 28 February 2008 at 2:54pm
Are you bypassing all the actual ARKs with a userland RK? Wow! I thought we had already passed this point... When are you posting a proof of concept?