[kareldjag/michk]

Hi,

First a few demos:

-HideProc (CMDLine)
http://www.rohitab.com/discuss/index.ph ... opic=23880

With a Gui
http://www.iterati.org/Developers/HideProc/Default.aspx

-HideExec
http://code.kliu.org/misc/hideexec/

-Spodek

http://spodek.sourceforge.net/

http://sourceforge.net/projects/spodek/

A kind of brother of CodeProject full of interesting codes:

http://s.pudn.com/search_hot_en.asp?k=rootkit

http://s.pudn.com/search_hot_en.asp?k=HOOK

Some interesting code like Zion rootkit for instance:

http://blogs.technet.com/b/secure/archi ... nload.aspx

And to laugh with AV detection stats it's better to use NoVirusthanks with the option "do not distribute the sample"
http://scanner2.novirusthanks.org/

To be continued of course :)

Rgds

[Meriadoc]

Require register & upload to Pudn 5 unique source codes/papers.

[CloneRanger]

@ kareldjag

You sure know some places etc ;)

s.pudn.com etc - your ip XX.XXX.XXX.XXX is blocked, send email to ........... :o

[xqrzd]

Thanks for these :)
HideProc and Spodek are just trivial SSDT hooks. Haven't tried Zion yet but it looks interesting. :)
Edit: s.pudn.com blocks my IP address as well :(

[EP_X0FF]

Not sure, but Zion seems to be very old stuff.

edit: yes, 2008 year, SSDT hooks. Trash.

[kareldjag/michk]

Hi

I doubt that you can get a great collection of rootkits without efforts (learn a few words of chinese and russian, register here and there etc).
Yes Zion is not intented to be a super stealth demo rootkit, but a fully functionnal attacker tool (as its grand father HKDoor: http://www.yythac.com/softdown/hkdoor12public.rar ): from an insecurity perspective, i'm more interested in rootkit that have in the wild career oppotunities than rootkits that are limited to test labs environment.
An interesting demo is for instance Damouse (in the same site APIMonitor is an interesting tool):

http://www.rohitab.com/discuss/index.ph ... 8440&st=20

Rgds