SecTools http://secure2s.net/tools Secure2S Security Tool Sets Blog Wed, 29 Aug 2007 14:11:25 +0000 http://wordpress.org/?v=2.1.2 en chkrootkit http://secure2s.net/tools/2006/06/23/chkrootkit/ http://secure2s.net/tools/2006/06/23/chkrootkit/#comments Fri, 23 Jun 2006 20:05:57 +0000 Jalal Rohani http://www.secure2s.net/tools/2006/06/23/chkrootkit/ chkrootkit : Locally checks for signs of a rootkit chkrootkit is a flexible, portable tool that can check for many signs of rootkit intrusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules.
These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • YahooMyWeb
  • Digg
]]> http://secure2s.net/tools/2006/06/23/chkrootkit/feed/ RKHunter http://secure2s.net/tools/2006/06/23/rkhunter/ http://secure2s.net/tools/2006/06/23/rkhunter/#comments Fri, 23 Jun 2006 19:51:34 +0000 Jalal Rohani http://www.secure2s.net/tools/2006/06/23/rkhunter/ RKHunter : An Unix Rootkit Detector RKHunter is scanning tool that checks for signs of various pieces of nasty software on your system like rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious strings in LKM and KLD modules.
These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • YahooMyWeb
  • Digg
]]> http://secure2s.net/tools/2006/06/23/rkhunter/feed/ Tripwire http://secure2s.net/tools/2006/06/23/tripwire/ http://secure2s.net/tools/2006/06/23/tripwire/#comments Fri, 23 Jun 2006 18:49:37 +0000 Jalal Rohani http://www.secure2s.net/tools/2006/06/23/tripwire/ Tripwire : The grand-daddy of file integrity checkers A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. An open source Linux version is freely available at Tripwire.Org. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind, RKHunter, or chkrootkit. Windows users may like RootkitRevealer from Sysinternals.
These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • YahooMyWeb
  • Digg
]]> http://secure2s.net/tools/2006/06/23/tripwire/feed/ Sysinternals http://secure2s.net/tools/2006/06/23/sysinternals/ http://secure2s.net/tools/2006/06/23/sysinternals/#comments Fri, 23 Jun 2006 16:35:39 +0000 Jalal Rohani http://www.secure2s.net/tools/2006/06/23/sysinternals/ Sysinternals : An extensive collection of powerful windows utilities Sysinternals provides many small windows utilities that are quite useful for low-level windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with:
  • ProcessExplorer for keeping an eye on the files and directories open by any process (like LSoF on UNIX).
  • PsTools for managing (executing, suspending, killing, detailing) local and remote processes.
  • Autoruns for discovering what executables are set to run during system boot up or login.
  • RootkitRevealer for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
  • TCPView, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX).
These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • YahooMyWeb
  • Digg
]]> http://secure2s.net/tools/2006/06/23/sysinternals/feed/