Rootkit Site Links

Source: Internet
Author: User

Categories:

Decompilers
Garage - homebrew haxoring of a different type
Network drivers - contains links for both NDIS and TDI drivers.
Remote Control packages

Links:

Anti-trojan.org - the world's largest Trojan information website. Information on over 1000 different Trojans. (3096 hits)
Antiserver rootkit collection - a small archive that includes backdoored services (2540 hits)
Author for Google Hacking/penetration testers - very useful website. (556 hits)
Bochs - an x86 emulator w/source, like VMware (844 hits)
Brilliant trick to program ROM chips - (1007 hits)
Cain and Abel + other tools - Cain & Abel is a password recovery tool for Microsoft operating systems. (380 hits)
Chkrootkit - a rootkit detector (1881 hits)
DJ CMOS phneutral - Keith has informed us that these are the worst mixes of his entire life. This is mostly because of FX's amazing hospitality and allowing Keith to "enjoy" the bar free of charge. Keith has requested that we remove the files but don't worry, we told him to fuck himself. (887 hits)
DLL world - search engine and a ton of DLLs and OCXs (1296 hits)
Edge engine - the CMS engine used for this website (415 hits)
Excompuls - (1974 hits)
Exploit archive - yet another, w/search (2052 hits)
Finding hidden processes and terminating them - "Finding hidden processes" is a tool for finding hidden processes in our systems. (647 hits)
Free computer books, tutorials & lecture notes - a whole archive of about everything and anything computer related. Lots of good reference material. (1111 hits)
Generating small executables with Visual C++ - nice tutorial on how to create small EXEs with Visual C++. (1273 hits)
Getting WinDbg and VMware to play together - (710 hits)
Good info on filesystem drivers - (916 hits)
Google hack: browsable directories - this search string returns sites w/browsable root dirs (2734 hits)
Google hack: finds user auth files - finds files called "auth_user_file.txt" - you can crack hashes (1747 hits)
Google hack: getting ASP pages for injection check - this hack gives you a search that returns a direct index of ASP pages for injection checking (277 hits)
Hacking DNA at home - hacking code getting old? Try DNA instead. This resource will help you build super-virulent E. coli (be careful!) and grow glow-in-the-dark house plants. (700 hits)
http://www.k-otik.com/exploits/ - exploit archive (1480 hits)
Interrupt hooking - (1164 hits)
Just check it out - API hooks and others (957 hits)
Kernel Security Therapy Anti-Trolls (kstat) - (self-describes :) Kernel Security Therapy Anti-Trolls (kstat) is a very powerful security tool to detect various kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing Trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more. (1136 hits)
Matt Pietrek's homepage - (1746 hits)
Microlib - machine simulator (727 hits)
Neworder Security References - good I guess for the newbie, helped me out with some questions and thought maybe it would help out. Great community aspect though, has a lot of references to different sites that they host, like code.box.sk and junk like that. Not just for a weird wannabe hacker. (386 hits)
Nice article on API spying technique - Yariv Kaplan's article, a good one (1145 hits)
NMAP website - one of the best network mapping and port scanning tools that is freely available for your operating systems (342 hits)
Open Reverse Code Engineering - the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. Heavily modeled on rootkit.com, OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily Win32/security/malcode biased) by hosting files, blogs, forums, articles and more. (1081 hits)
Packetstorm directory tree - (991 hits)
PearPC - PowerPC machine emulator (603 hits)
QEMU - another x86 machine emulator (543 hits)
RCE messageboards - a set of message boards dedicated to reverse code engineering issues ranging from newbie to advanced. There is also an RCE tool discussion board and a board dedicated to cryptography. (546 hits)
ReactOS - ReactOS is an OS based on Windows NT; the source code contains a lot of info about the NT kernel, how Windows boots, ... (1050 hits)
Rootkit archive - (2363 hits)
Rootkit's unloader - it's a tool for unmapping the modules and loaded rootkit DLLs. It also can terminate the threads and processes. For unloading the rootkits first you must know your target's DLL; after finding these processes you can terminate the library. Tip: before selecting this you must close and save your program's data, because this program erases all threads and you may lose your data. TerminateThread is a dangerous function that should only be used in the most extreme cases. You should call TerminateThread only if you know exactly what the target thread is doing, and you control all of the code that the target thread could possibly be running at the time of the termination. Download link (full source code with binary): https://www.rootkit.com/vault/neocrackr/Rootkits_Unloader.rar (286 hits)
Rootkit.nl - rootkit detector (1512 hits)
Rootkits: the "r00t" of digital evil - viruses, worms, Trojans, spyware and rootkits abound in the maelstrom of modern malware. Rootkits easily stand out as the greatest threat to site security. To combat this growing problem, administrators need to understand how they work. (1014 hits)
Russian rootkits project - Russian rootkits project. (89 hits)
Samuel Jackson sound board - this is funny, you must try it (1641 hits)
The injecting DLLs into processes - this is a tool for injecting DLLs into processes, free source code VB 6 + EXE binary (169 hits)
Tripatourium - (899 hits)
Universitas virtualis - Universitas virtualis offers with its own powerful Bibliotheca system a comprehensive knowledge base for topics like algorithms, software engineering, software protection and reverse code engineering, cryptography and cryptanalysis. The Bibliotheca offers access to important research papers and gray papers to provide a wide range of available knowledge. (909 hits)
Worms archive - (1333 hits)
Xen - the Xen virtual machine monitor (814 hits)
Xfocus (they have an English version) - looks to be a good site (1297 hits)
Zone-H 0day rumor - a list with a lot of noise and very little signal, but interesting nonetheless (1404 hits)
[X-zero-day] - the dumping ground for zero-day exploits. The following entries are active zero-day vulnerabilities: exploits that do not have any published vendor-supplied patch. (135 hits)

Windows rootkit links

[1] Avoiding Windows rootkit detection / bypassing PatchFinder 2 - Edgar Barbosa []
http://www.geocities.com/embarbosa/bypass/bypassEPA.pdf

[2] TOCTOU with NT System Service hooking
http://www.securityfocus.com/archive/1/348570

TOCTOU with NT System Service hooking bug demo
http://www.securesize.com/Resources/hookdemo.shtml

[3] Hooking Windows NT System Services
http://www.windowsitlibrary.com/content/356/06/1.html
http://www.windowsitlibrary.com/content/356/06/2.html

[4] NTIllusion: a portable Win32 userland rootkit - kdm <Kodmaker@syshell.org>
http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt

[5] Kernel-mode backdoors for Windows NT - firew0rker <firew0rker@nteam.ru>
http://www.phrack.org/phrack/62/p62-0x06_Kernel_Mode_Backdoors_for_Windows_NT.txt

[6] Win2k kernel hidden process/module checker 0.1 (proof-of-concept) - Tan Chew Keong []
http://www.security.org.sg/code/kproccheck.html
http://www.security.org.sg/code/KProcCheck-0.1.zip

[7] Port/connection hiding - akcom [2004-06-18]
http://www.rootkit.com/newsread_print.php?newsid=143

[8] Process invincibility - metro_mystery [2004-06-13]
http://www.rootkit.com/newsread_print.php?newsid=139

[9] kcode patching - Hoglund [2004-06-06]
http://www.rootkit.com/newsread_print.php?newsid=152
http://www.rootkit.com/vault/hoglund/migbot.zip

[10] Hiding window handles through shadow table hooking on Windows XP - metro_mystery []
http://www.rootkit.com/newsread_print.php?newsid=137

[11] Hooking functions not exported by ntoskrnl - akcom []
http://www.rootkit.com/newsread_print.php?newsid=151

[12] A method of getting the address of PsLoadedModuleList - stoneclever []
http://www.rootkit.com/newsread_print.php?newsid=135

[13] Fun with kernel structures (plus FU all over again) - fuzen_op [2004-06-08]
http://www.rootkit.com/newsread_print.php?newsid=134
http://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

[14] Getting kernel variables from KdVersionBlock, Part 2 - ionescu007 []
http://www.rootkit.com/newsread_print.php?newsid=153

[15] Bypass scheduler list process detection - sobeit <kinvis@hotmail.com> []
http://www.rootkit.com/newsread_print.php?newsid=117

[16] Detecting hidden processes by hooking the SwapContext function - worthy []
http://www.rootkit.com/newsread_print.php?newsid=170
