March 2005 - Posts

Robert Hensing’s Incident Response Blog – Reloaded
After nearly 7 years in Product Support Services helping our customers on issues ranging from debugging IIS failures, to identifying performance issues to helping customers with security investigations I have taken on a new challenge and accepted a job Read More...
New Rootkit Revealer available!
Sysinternals yesterday released a new version of Rootkit Revealer after receiving feedback that people using rootkits were starting to add Rootkit Revealer to the 'root process' to continue to avoid detection. The new version uses a randomly named executable Read More...
New weapon in the war - F-Secure reveals Blacklight - an anti-rootkit tool - try it today (remember to rename it <G>)
F-Secure has finally taken the wraps off a new anti-rootkit tool they call Blacklight (I dig the name): http://www.f-secure.com/blacklight/try.shtml It seems to do a file system scan and may employ a similar technique to that of Rootkit Revealer and the Read More...
Rootkit Revealer vs. Hacker Defender - How the miscreants are defeating Rootkit Revealer and how to fight back
So over the last week we've started to get cases where Rootkit Revealer (having been downloaded by the customer) is not detecting any hidden files / folders / registry entries on the customer's machine; yet our own rootkit tools we supply with our IR toolkit Read More...