Detecting Windows Server Compromises with Patchfinder 2

Introduction

Patchfinder (PF) is a sophisticated diagnostic utility designed to detect compromises of system libraries and the kernel. Its primary use is to check whether a given machine has been attacked with a modern rootkit, i.e. a program that tries to hide the attacker's activity on the hacked system by deceiving the operating system about the list of active processes, the files on the filesystem, the running services, the registry contents, etc.
