Hosting Provided By

Re: New release of Solaris secuirity module Papillon

From: Dave Aitel <dave(at)immunitysec.com>
Date: Tue Apr 22 2003 - 11:36:47 EDT

Good work, once again. In fact, there are probably many really cool projects that could benefit from being built on your work - for example, a kernel rootkit detection tool...

It didn't really detect my 0day local root - or not in a way that it can distinguish between it, and lots of valid popen()s and execves() and other normal activity. You should only warn if the current %PC is on a non .text page, maybe?

-dave

On 20 Apr 2003 15:26:29 +0200
Konrad Rieck <kr@roqe.org> wrote:

> Hello,
Received on Tue Apr 22 17:30:28 2003

This message: [ Message body ]
Next message: Konrad Rieck: "Re: New release of Solaris secuirity module Papillo"
Previous message: Eric AUGE: "Re: distributed ssh key management"
In reply to Konrad Rieck: "New release of Solaris secuirity module Papillon"
Next in thread: Konrad Rieck: "Re: New release of Solaris secuirity module Papillo"
Reply: Konrad Rieck: "Re: New release of Solaris secuirity module Papillo"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:37 EDT