Sunday, February 15, 2009

Rootkit Analytics

Welcome to Rootkit Analytics!!!
User-mode Rootkit Analytics:
Our first tool in this category is SpyDLL, which monitors injected processes and the modules injected into them. It also gives the user the option to remove an injected DLL without shutting down the process, and an option to terminate the process itself. This tool will keep expanding, just like every other tool on our site.

Our next tool in user-mode rootkit analytics is WinInternals. This tool will provide everything required for Windows-based user-mode rootkit analysis, including an extended edition of Process Memory Dumper [PMD].

Kernel-mode Rootkit Analytics:
Our first tool in this category would be ElfStat. More about this tool will be discussed in the near future.

The following are the members of the Rootkit Analytics team so far [sorted alphabetically]:
Team Leads:
Kirk McGraw [Team Lead/Creator: WinInternals]
Nagareshwar Talekar [Team Lead/Creator: SpyDLL]
Ryan O'Neill [Team Lead/Creator: Elfstat]
Team Members:
Blake Hartstein [Team Member]

There are others we are still communicating with about joining our team. The normal procedure for joining Rootkit Analytics is to first join EvilFingers in any of its teams; once a member has proven their skills, they are moved to one of our analytics divisions depending on their skill set. But we do consider direct volunteering for the Rootkit Analytics division if you have prior hands-on anti-rootkit or related experience.

We are still working on expanding our research in other directions, such as application, hardware and firmware rootkits.

Contact us at contact.fingers @[because GMAIL rocks].

- EF
