Tuesday, July 18, 2006

SANS Handler Review

Helios got mentioned by SANS handler Lenny Zeltser in today's Handler's Diary. His ideas about using rootkit detection for incident handling are in line with a set of features that we plan to roll out (offline analysis with live CDs and the like). You can read the diary entry here.

At MIEL Labs we're big followers of the SANS Handler's Diaries and would like to commend them on keeping us all up to date on the state of the 'Net.

The review incorrectly states that Helios does not detect the FuTo rootkit. The reason it was not detected in their tests was that the 'Advanced Detection' thread-level detection feature was not enabled. When this feature is enabled, the second a hidden process gets CPU time, it is detected. This can be seen in any of the FuTo videos on our videos page.
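The detection described above is a cross-view check: what the operating system reports as the process list is compared against what is actually observed running, and a process present in the second view but missing from the first is hidden. The following added example (it is not Helios code, and Helios's kernel-mode, scheduler-based check is not reproducible from user space) shows the same principle on Linux in Python: one view of PIDs comes from listing /proc, the other from probing each PID individually with a null signal, and the comparison is repeated so that processes that merely started or exited between the two snapshots are not reported. The collector functions, the PID range and the sample views in the test are this example's own assumptions.

```python
"""Cross-view detection of hidden processes (added example, not Helios code).

Two independent views of the live PID set are taken and compared.  A PID that is
alive according to the direct probe but absent from the directory listing is a
candidate for a process that something is hiding from the enumeration path.
"""
import os
from typing import Callable, Dict, Set


def pids_via_readdir(proc: str = "/proc") -> Set[int]:
    """'Reported' view: the PIDs the kernel lists under /proc (what ps and top use)."""
    try:
        names = os.listdir(proc)
    except OSError:
        return set()
    return {int(n) for n in names if n.isdigit()}


def pids_via_kill_probe(max_pid: int = 32768) -> Set[int]:
    """'Probed' view: ask the kernel about every PID individually via kill(pid, 0).

    Signal 0 delivers nothing; the syscall only reports whether the PID exists.
    This takes a different kernel path than reading /proc, so a tampered
    directory listing alone does not hide a process from it.
    """
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # no such process
        except PermissionError:
            pass              # exists, but belongs to another user: still counts
        found.add(pid)
    return found


def cross_view_diff(reported: Set[int], probed: Set[int]) -> Dict[str, Set[int]]:
    """Single-pass comparison of the two views."""
    return {
        "hidden_candidates": probed - reported,   # alive but not listed
        "stale_or_racy": reported - probed,       # listed but gone: exited between snapshots
    }


def detect_hidden(reported_view: Callable[[], Set[int]],
                  probed_view: Callable[[], Set[int]],
                  passes: int = 2) -> Set[int]:
    """Repeat the comparison; a genuinely hidden process is missing from the
    reported view in every pass, while a short-lived process caught between the
    two snapshots shows up as a candidate in at most one pass."""
    candidates = None
    for _ in range(passes):
        diff = probed_view() - reported_view()
        candidates = diff if candidates is None else candidates & diff
    return candidates or set()


if __name__ == "__main__":
    # Live run on the local Linux host (constructed views are used in the test instead).
    hidden = detect_hidden(pids_via_readdir, pids_via_kill_probe)
    print("hidden process candidates:", sorted(hidden) or "none")
```

The two-pass intersection is what keeps the check usable in practice: on a busy host the single-pass difference is rarely empty simply because processes come and go between the two snapshots. A rootkit that hooks both the listing and the probe path defeats this user-space version, which is why a check performed at the point where a thread is actually scheduled, as the post describes for Helios, is harder to evade.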

Look for a new version with more features based on community feedback very soon. We'll post here when it is updated.

2 Comments:

Blogger pari said...

This post has been removed by a blog administrator.

1:30 AM  
Blogger cdman83 said...

The ethical Anti-Rootkit writer

Hello.

After an incident with the authors of RkUnhooker which involved threats to my life and website, I have put together a manifesto which lists some basic principles of ethical Anti-Rootkit writing. If you wish to appear in that list or have comments on this matter, reply to this e-mail or leave a comment on the website:

http://hype-free.blogspot.com/2007/02/manifesto-of-ethical-anti-rootkit.html


Best regards,
Balazs Attila-Mihaly

1:11 PM  