Linux


// Unhide (ps)

Detects hidden processes. Implements six techniques:

  • Compare /proc vs /bin/ps output.
  • Compare info gathered from /bin/ps with info gathered by walking through the procfs.
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full PID space occupation (PID bruteforcing).
  • Reverse search: verify that all threads seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscalls).
  • Quick compare of /proc, procfs walking and syscalls vs /bin/ps output.
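
The cross-view comparison behind these techniques, as an added Python sketch (not Unhide's own code): it collects thread IDs from ps, from a procfs walk and from a syscall scan of the whole PID space, then reports IDs on which the views disagree. The function names are hypothetical, and it assumes a procps `ps` that accepts `-eL -o lwp=`.

```python
import os
import subprocess

def ids_from_ps():
    """Thread IDs reported by ps, the userland view a rootkit usually filters."""
    out = subprocess.run(["ps", "-eL", "-o", "lwp="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def ids_from_procfs():
    """Thread IDs found by walking /proc/<pid>/task/<tid>."""
    found = set()
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            found.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:
            continue  # the process exited while we were walking
    return found

def exists_by_syscall(tid):
    """Ask the kernel directly; any answer other than ESRCH means the ID is in use."""
    for probe in (lambda: os.kill(tid, 0), lambda: os.getpgid(tid), lambda: os.getsid(tid)):
        try:
            probe()
            return True
        except ProcessLookupError:
            continue  # ESRCH from this call, try the next one
        except OSError:
            return True  # e.g. EPERM: the task exists but belongs to another user
    return False

def compare_views(ps_ids, proc_ids, sys_ids):
    """Return (missing from ps, missing from procfs, seen only by ps) as sorted lists."""
    kernel = proc_ids | sys_ids
    return sorted(kernel - ps_ids), sorted(sys_ids - proc_ids), sorted(ps_ids - kernel)

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        max_pid = int(f.read())
    # Scanning every possible ID is slow on hosts with a large pid_max.
    sys_ids = {t for t in range(1, max_pid + 1) if exists_by_syscall(t)}
    no_ps, no_proc, ps_only = compare_views(ids_from_ps(), ids_from_procfs(), sys_ids)
    # Tasks start and exit between snapshots, so keep only IDs that still disagree.
    ps_again = ids_from_ps()
    no_ps = [t for t in no_ps if t not in ps_again and exists_by_syscall(t)]
    no_proc = [t for t in no_proc if not os.path.exists(f"/proc/{t}") and exists_by_syscall(t)]
    ps_only = [t for t in ps_only if t in ps_again and not exists_by_syscall(t)]
    print("known to the kernel, missing from ps:", no_ps)
    print("answering syscalls, missing from /proc:", no_proc)
    print("listed by ps, unknown to the kernel:", ps_only)
```
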

// Unhide-TCP

Identifies TCP/UDP ports that are listening but not listed by /bin/netstat, by brute forcing all available TCP/UDP ports.

Unhide homepage