Topic (closed): Rootkits, Detectors, Bypassing/Overview

EP_X0FF (Senior Member, joined 08 March 2006, Russian Federation) posted 20 July 2006 at 10:18am:
RkU Test Rootkit - user mode process and kernel driver.

RkU Test Rootkit vs GMER 1.0.10.10122 - fully bypassed
RkU Test Rootkit vs IceSword v1.12/1.18 - fully bypassed
RkU Test Rootkit vs DarkSpy v1.05 (normal mode) - Doesn't see driver
RkU Test Rootkit vs DarkSpy v1.05 (super mode) - Doesn't see driver
RkU Test Rootkit vs Process Hunter - fully bypassed
RkU Test Rootkit vs Helios (alpha) - fully bypassed, Helios can't detect even Futo

RkU Test Rootkit will be available for downloading 23 July.

p.s.
Futo vs GMER 1.0.10.10122 - bypassed

Edited by EP_X0FF - 22 November 2006 at 9:40am

steely (Senior Member, joined 11 June 2006, United States) posted 20 July 2006 at 5:04pm:
@ep_xoff, any release date for RkU 2.0?
cheers,
-steely

EP_X0FF (Senior Member, joined 08 March 2006, Russian Federation) posted 20 July 2006 at 9:56pm:
A couple of days. 23/07

steely (Senior Member, joined 11 June 2006, United States) posted 20 July 2006 at 10:05pm:
kewl.
cheers,
-steely

c0d4r (Newbie, joined 22 July 2006) posted 22 July 2006 at 1:19am:
Today is 23 July.
Please release the wonderful Rk.

EP_X0FF (Senior Member, joined 08 March 2006, Russian Federation) posted 22 July 2006 at 1:28am:
Sorry, it is 23 July for you, but for me it is still 22 July, and beta testing shows that we have some problems with syscall detection/driver scanning/memory management. Tomorrow the last stable (for us) beta 2 will be released.

Fyyre (Senior Member, joined 12 April 2006) posted 22 July 2006 at 4:59am:

Yes, and FU will bypass RKR and F-Secure Blacklight....=)

Looking forward to this RkU of yours.

Originally posted by EP_X0FF: (the opening post of this thread, quoted in full)

MP_ART (Senior Member, joined 08 March 2006, Russian Federation) posted 22 July 2006 at 6:39am:
Has someone tested the rootkit?

cardmagic (Senior Member, joined 29 April 2006) posted 23 July 2006 at 9:46pm:

Originally posted by EP_X0FF: (the opening post of this thread, quoted in full)

DarkSpy has detected the driver...

But unfortunately you have modified some fields, which makes DarkSpy misjudge it as an invalid driver...

We will fix this bug and release a modified version...

EP_X0FF (Senior Member, joined 08 March 2006, Russian Federation) posted 23 July 2006 at 9:59pm:
We are in the process of creating DKOH variants that will bypass all known detection methods. And we are thinking about spreading it....

(+)