Reposted 2008-05-04 19:15:00


October 21, 2007 – 15:05

Garage - Homebrew haxoring of a different type
Network Drivers - Contains links for both NDIS and TDI drivers.
Remote Control Packages


Anti-trojan.org - The world's largest trojan information website. Information on over 1000 different trojans. (3096 hits)
antiserver rootkit collection - a small archive that includes backdoored services (2540 hits)
Author for Google hacking/penetration testers - Very useful website. (556 hits)
Bochs - An x86 emulator w/ source, like VMWare (844 hits)
brilliant trick to program ROM chips - (1007 hits)
Cain and Abel + other tools - Cain & Abel is a password recovery tool for Microsoft Operating Systems. (380 hits)
chkrootkit - a rootkit detector (1881 hits)
DJ CMOS PhNeutral - Keith has informed us that these are the worst mixes of his entire life. This is mostly because of FX’s amazing hospitality and allowing Keith to “enjoy” the bar free of charge. Keith has requested that we remove the files but don’t worry, we told him to fuck himself. (887 hits)
DLL World - search engine and a ton of DLLs and OCXs (1296 hits)
Edge Engine - The CMS Engine used for this website (415 hits)
EXEtools - (1974 hits)
exploit archive - yet another, w/ search (2052 hits)
Finding Hidden Processes and Terminate It - “Finding Hidden Processes” is a tool for finding hidden processes in our systems. (647 hits)
Free Computer Books, Tutorials & Lecture Notes - A whole archive of about everything and anything computer related. Lots of good reference material. (1111 hits)
Generating small executables with Visual C++ - Nice tutorial on how to create small EXEs with Visual C++. (1273 hits)
Getting WinDBG and VMWare to play together - (710 hits)
Good info on filesystem drivers - (916 hits)
google hack: browsable directories - this search string returns sites w/ browsable root dirs (2734 hits)
google hack: finds user auth files - find files called “auth_user_file.txt” - you can crack hashes (1747 hits)
GoogleHack-Getting ASP Pages For Injection Check - This hack gives you a search for getting a direct index of ASP pages for injection check (277 hits)
Hacking DNA at home - Hacking code getting old? Try DNA instead. This resource will help you build super-virulent E. Coli (be careful!) and grow glow-in-the-dark house plants. (700 hits)
http://www.k-otik.com/exploits/ - exploit archive (1480 hits)
Interrupt Hooking - (1164 hits)
Just check it out - apihooks and others (957 hits)
Kernel Security Therapy Anti-Trolls (KSTAT) - (self describes:) Kernel Security Therapy Anti-Trolls (KSTAT) is a very powerful security tool to detect many kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more. (1136 hits)
Matt Pietrek’s homepage - (1746 hits)
Microlib - machine simulator (727 hits)
neworder security references - good i guess for the newbie, helped me out with some questions and thought maybe it would help out. great community aspect though, has a lot of references to different sites that they host, like code.box.sk and junk like that. not just for a weird wanna be hacker. (386 hits)
Nice article on API spying technique - Yariv Kaplan’s article, a good one (1145 hits)
Nmap website - One of the best network mapping and port scanning tools that is freely available for many operating systems (342 hits)
Open Reverse Code Engineering - Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. Heavily modeled on Rootkit.com, OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily win32/security/malcode biased) by hosting files, blogs, forums articles and more. (1081 hits)
Packetstorm Directory Tree - (991 hits)
PearPC - PowerPC machine emulator (603 hits)
QEMU - Another x86 machine emulator (543 hits)
RCE Messageboards - A set of message boards dedicated to reverse code engineering issues ranging from newbie to advanced. There is also a RCE tool discussion board and a board dedicated to cryptographics. (546 hits)
ReactOS - ReactOS is an OS based on Windows NT; the source code contains a lot of info about the NT kernel, how Windows boots, …. (1050 hits)
rootkit archive - (2363 hits)
Rootkit’s Unloader - It’s a tool for unmapping the modules and DLLs loaded by rootkits. It can also terminate threads and processes. To unload a rootkit you must first know your target’s DLL. After finding these processes you can terminate the library. Tip: Before selecting this you must close your programs and save their data, because this program terminates all threads and you may lose your data. TerminateThread is a dangerous function that should only be used in the most extreme cases. You should call TerminateThread only if you know exactly what the target thread is doing, and you control all of the code that the target thread could possibly be running at the time of the termination. Download link, full source code with binary: https://www.rootkit.com/vault/neocrackr/Rootkits_Unloader.rar (286 hits)
rootkit.nl - rootkit detector (1512 hits)
Rootkits: The “r00t” of Digital Evil - Viruses, worms, trojans, spyware and rootkits abound in the maelstrom of modern malware. Rootkits easily stand out as the greatest threat to site security. To combat this growing problem, administrators need to understand how they work. (1014 hits)
Russian Rootkits Project - Russian Rootkits Project. (89 hits)
Samuel Jackson Sound Board - this is funny, you MUST try it (1641 hits)
The Injecting Dlls Into Processes - this is a tool for injecting DLLs into processes, free source code VB 6 + Exe binary (169 hits)
tripatourium - (899 hits)
Universitas Virtualis - Universitas Virtualis offers with its own powerful bibliotheca system a comprehensive knowledge base for topics like Algorithms, Software-Engineering, Software-Protection and Reverse Code Engineering, Cryptography and Cryptanalysis. The Bibliotheca offers access to important research papers and grey papers to provide a wide range of available knowledge. (909 hits)
worms archive - (1333 hits)
XEN - The Xen virtual machine monitor (814 hits)
XFOCUS (they have english version) - looks to be a good site (1297 hits)
zone-h 0day rumor - a list with a lot of noise and very little signal, but interesting nonetheless (1404 hits)
[ X- Zero-Day ] - The dumping ground for Zero-Day Exploits. The following entries are active zero-day vulnerabilities: exploits that do not have any published vendor-supplied patch. (135 hits)

Windows Rootkit Related Links
[ 1] Avoiding Windows Rootkit Detection/Bypassing PatchFinder 2 - Edgar Barbosa[2004-02-17]

[ 2] TOCTOU with NT System Service Hooking

TOCTOU with NT System Service Hooking Bug Demo

[ 3] Hooking Windows NT System Services

[ 4] NTIllusion: A portable Win32 userland rootkit - Kdm <Kodmaker@syshell.org>

[ 5] Kernel-mode backdoors for Windows NT - firew0rker <firew0rker@nteam.ru>

[ 6] Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-Of-Concept) - Tan Chew Keong[2004-05-23]

[ 7] port/connection hiding - akcom[2004-06-18]

[ 8] Process Invincibility - metro_mystery[2004-06-13]

[ 9] KCode Patching - hoglund[2004-06-06]

[10] Hiding Window Handles through Shadow Table Hooking on Windows XP - metro_mystery[2004-06-12]

[11] hooking functions not exported by ntoskrnl - akcom[2004-07-02]

[12] A method of get the Address of PsLoadedModuleList - stoneclever[2004-06-10]

[13] Fun with Kernel Structures (Plus FU all over again) - fuzen_op[2004-06-08]

[14] Getting Kernel Variables from KdVersionBlock, Part 2 - ionescu007[2004-07-11]

[15] Byepass Scheduler List Process Detection - SoBeIt <kinvis@hotmail.com>[2004-04-25]

[16] Detecting Hidden Processes by Hooking the SwapContext Function - worthy[2004-08-03]



Article link: http://clin003.com/rootkit/rootkit-related-links-36.shtml

