
Files

StMichael_LKM-0.01.tar.gz
Posted May 8, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.

tags | kernel
systems | linux
SHA-256 | dc244889f82b38409d2d4895342ec004e2fe8ee52ab5326ddf12acc3346c0b4d

Related Files

StMichael_LKM-0.13-k2.6.tar.gz
Posted Aug 17, 2006
Authored by Rodrigo Rubira Branco | Site sourceforge.net

StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.

Changes: Special 2.6 release for Defcon. Intended for developers who want to help improve the project but no longer care to work on the 2.4 kernel related release.
tags | kernel
systems | linux
SHA-256 | adc3452e7d816d4e5d6ed1c7456dfebf7c3df08482f47ee327c38bfe49184643

StMichael_LKM-0.13.tar.gz
Posted Aug 17, 2006
Authored by Rodrigo Rubira Branco | Site sourceforge.net

StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.

Changes: Last release under the 2.4 kernel series. Only bug fixes will be made after this point.
tags | kernel
systems | linux
SHA-256 | ff8ec12f68893b5afc4a6cec3000fa2633c142ce110705b622d4881cffa2bcf2

StMichael_LKM-0.12.tar.gz
Posted Oct 27, 2005
Authored by Rodrigo Rubira Branco | Site sourceforge.net

StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.

Changes: StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also supports MBR checksums.
tags | kernel
systems | linux
SHA-256 | fbc421f4251b05aecaeb01f939302594c2a7090f9d731b7f6872c015173cd659

StMichael_LKM-0.11.tar.gz
Posted Aug 7, 2002
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.

Changes: Addition of Self Integrity Checks to Detect Attacks Against StMichael itself. Added configuration options to hard-code memory offsets into the source instead of discovery during load time, permitting loading of StMichael from an initrd, before init spawns and the filesystems are mounted.
tags | kernel
systems | linux
SHA-256 | 05453e68b128c4bc3d111e203127ddebcf8a353f6d35be8a1568db78e5a6bcf9

StMichael_LKM-0.10.tar.gz
Posted Mar 30, 2002
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.

Changes: Really Immutable filesystem support for ext3 fs added, Added in Kernel Licensing Code to Identify the Kernel License for newer kernels, Backup kernel is now obscured from string searches using the weak crypt function, Added needed modifications to support the newer Alan Cox Kernels, with the different VM system, fixed lots of compilation issues, and better docs.
tags | kernel
systems | linux
SHA-256 | 3cadd9c000f7abda3f802cd86a8bb3e997005480eea923b062032b96f0c4b9e4

StMichael_LKM-0.08.tar.gz
Posted Jan 22, 2002
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.

Changes: Addition of ability to restore a system attacked using kernel modification techniques such as a Silvio Stealth syscall by reloading the kernel without a reboot. Addition of Checks to detect the possible subversion of the kernel at loadtime. Now does Full Kernel Text Validation.
tags | kernel
systems | linux
SHA-256 | cfdc95d46449ec34094b6f6d84b7777f5aa317ca625e1df739166a92bce9f556

StMichael_LKM-0.07.tar.gz
Posted Oct 30, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.

Changes: Fixed a serious bug that could cause a kernel Oops if StMichael was not the first module loaded into the system.
tags | kernel
systems | linux
SHA-256 | a7774eef3632893c5a98ee5c960e6b6f9dbac1d3f386cf18305d212787aaa0c8

StMichael_LKM-0.06.tar.gz
Posted Oct 25, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.

Changes: Began code and signature obfuscation work to conceal commonly found strings, Introduced permanent immutability to files on ext2 fs, and other misc code beautification.
tags | kernel
systems | linux
SHA-256 | aea8dd329d274f75e8784ed565f3fbfe92bc1d968087cc372f4a6edd4e673f6a

StMichael_LKM-0.05.tar.gz
Posted Jul 12, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.

Changes: Added Checks to Detect modules hiding their presence, Added Read-Only /dev/kmem, and Added VFS checking.
tags | kernel
systems | linux
SHA-256 | 33b2a82b72ad4b69da6a97ec42e2075330adf82b34899f654194adb5c628dd98

StMichael_LKM-0.04.tar.gz
Posted Jul 11, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.

Changes: Added the SHA1 checksum to complement the MD5s, added timers to periodically revalidate the kernel, added a configuration script, and added some demos which will trigger StMichael.
tags | kernel
systems | linux
SHA-256 | a0d290b17442053787c6652f23397b32b04e3066b225c9bafc040f367dd857d5

StMichael_LKM-0.03.tar.gz
Posted Jun 5, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.

Changes: Added MD5 checksums to the contents of system calls, added cloaking to hide the presence of StMichael and its symbols. Since StMichael causes the rootkits to not work as expected, we do not want to give away any useful debugging information.
tags | kernel
systems | linux
SHA-256 | 3a46b99429e5f1bbbff87fa24b0ed3404e912a0cc93c119499d0f899367e02a6

StMichael_LKM-0.02.tar.gz
Posted May 10, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.

Changes: Fixed an inverted match which could cause kernel to hang on attempt to unload StMichael.
tags | kernel
systems | linux
SHA-256 | 909fea48bf854a5ec92e4a60a669b1c0609f13118aa49647f57b775f69d65db4
© 2022 Packet Storm. All rights reserved.