Hi.
Inspired by this article from Frank Boldewin
Hunting rootkits with Windbg
http://www.reconstructer.org/papers/Hun ... Windbg.pdf
Useful windbg scripts
KDAR
http://kdar.codeplex.com/
How to install
1. download archive
2. unzip it to C:\kdar or any other directory
3. set environment variable KDAR_PATH=C:\kdar or the path you specified
How to use
1. start windbg; if it is not installed, download it from http://www.microsoft.com/whdc/devtools/ ... fault.mspx or get it from the latest WDK/Visual Studio.
2. in debugger command line type $$><C:\kdar\kdar.dcmd (or the path you specified)
SysecLabs scripts
http://www.laboskopia.com/download/Syse ... Script.zip
Installation and usage are pretty much the same. Examples of usage are inside Frank's article.
Another excellent article from Frank is about Volatility, check it out.
http://reconstructer.org/papers/Hunting ... 20v2.0.pdf
The list isn't impressive, but please feel free to add something.
Best Regards,
-rin