[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] WindowsSCOPE hardware analyzer for rootkits?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] WindowsSCOPE hardware analyzer for rootkits?
From: Kristian Erik Hermansen <kristian.hermansen@xxxxxxxxx>
Date: Fri, 20 May 2011 04:34:13 -0700

Has anyone tried this WindowsSCOPE hardware before? The video talks
about how they used it to detect/analyze Shadow Walker rootkit. Also,
seems you can make memory snapshots in time and see how kernel
SSDT/IDT ptrs change, among other things. Also shows colorized
differences in code pages between snapshots.

http://www.windowsscope.com/index.php?option=com_content&view=article&id=80&Itemid=49

I heard they are giving away free demo devices to the technical
reviewers that call them up to ask for it. I am somewhat skeptical
though that it is any different than what you can already do with
existing software/hardware tools. Anyone use it before?
-- 
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianhermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] New DDoS attack vector
Next by Date: Re: [Full-disclosure] New DDoS attack vector
Previous by thread: [Full-disclosure] Released FTP Password Decryptor !
Next by thread: [Full-disclosure] [ MDVSA-2011:095 ] apr
Index(es):
- Date
- Thread