[Vol-users] Need to pick a malware for a demo

Dewhirst, Rob robdewhirst at gmail.com
Thu May 3 09:57:16 CDT 2012


Check out the Hacker Defender rootkit. I am pretty sure I demoed
exactly what you are wanting to do (including using Volatility to
reveal the rootkit) about a year ago and this malware was a good
example and easy to use. I don't know for sure that it hides from
PsList but it hides from the built-in Windows tools.

Email me if you can't find a copy.

On Wed, May 2, 2012 at 11:32 PM, Mike Lambert <dragonforen at hotmail.com> wrote:
> I've got a memory forensics presentation coming up next week and I'd like to
> use a sample that will illustrate a crossview example.
>
> Specifically, I'd like to use an example that hides from pslist on the
> running system (don't want a DKOM example) but we can find it using
> Volatility.
> I'd like it to be something running and not a process injection sample.
>
> Does someone have a suggestion which one may provide a good illustration?
>
> Thanks,
> Mike

