Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by other hiding techniques.

// Unhide (ps)
Detects hidden processes. Six different techniques implemented:
- Comparing /proc vs /bin/ps output
- Comparing information gathered from /bin/ps with information gathered by walking through the procfs.
- Comparing information gathered from /bin/ps with information gathered from syscalls (syscall scanning).
- Full PID space occupation (using PID bruteforcing)
- Reverse search, verifying that every thread seen by ps is also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall)
- Quick compare of /proc, procfs walking and syscall vs /bin/ps output.

// Unhide-TCP
Identifies TCP/UDP ports that are listening but not listed in /bin/netstat, by bruteforcing every available TCP/UDP port.

Changes in this release:
[+] New tests added.
[+] Unhide is now more modular, allowing the selection of single tests (or metatests)
[+] New project homepage released: http://www.unhide-forensics.info

Regards!
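The cross-view comparison behind the process tests listed above, as an added Python example (not Unhide's own code): it collects the ps, procfs and syscall views, reports IDs that one view lacks, and repeats the scan so that processes starting or exiting mid-scan are not reported. Assumptions: procps-ng `ps` option syntax, `getpgid()` as the probing syscall, and all function names, which are hypothetical.

```python
import errno
import os
import subprocess

def ps_view():
    """IDs (processes and threads) that ps reports. Assumes procps-ng option syntax."""
    out = subprocess.run(["ps", "-eLo", "lwp="], capture_output=True, text=True, check=True)
    return {int(tok) for tok in out.stdout.split()}

def proc_view():
    """IDs found by walking /proc and each /proc/<pid>/task directory."""
    ids = set()
    for entry in filter(str.isdigit, os.listdir("/proc")):
        ids.add(int(entry))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{entry}/task"))
        except OSError:
            pass  # process exited between the two directory reads
    return ids

def syscall_probe(pid):
    """Ask the kernel directly: getpgid() fails with ESRCH only for IDs that do not exist."""
    try:
        os.getpgid(pid)
        return True
    except OSError as err:
        return err.errno != errno.ESRCH  # e.g. EPERM still means the ID exists

def collect_live():
    """One snapshot of all three views; the syscall view brute-forces the PID space."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    return ps_view(), proc_view(), {p for p in range(1, pid_max) if syscall_probe(p)}

def cross_view(ps_ids, proc_ids, sys_ids):
    """Map every ID that some view lacks to the names of the views missing it."""
    views = {"ps": ps_ids, "proc": proc_ids, "syscall": sys_ids}
    gaps = {p: [n for n, ids in views.items() if p not in ids] for p in ps_ids | proc_ids | sys_ids}
    return {p: names for p, names in sorted(gaps.items()) if names}

def scan(collect=collect_live, rounds=2):
    """Keep only discrepancies identical in every round (filters out the ps child and other races)."""
    stable = cross_view(*collect())
    for _ in range(rounds - 1):
        again = cross_view(*collect())
        stable = {p: m for p, m in stable.items() if again.get(p) == m}
    return stable
```

Call `scan()` as root on the host being examined; as an unprivileged user, a /proc mounted with `hidepid` hides other users' processes from the ps and procfs views and produces false findings.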
