Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:16:35 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1152116832&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2FNT%2FIDS%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1152116832.1338189395.1338189395.1338189395.1%3B%2B__utmz%3D32867617.1338189395.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/36161/flister.txt http://packetstormsecurity.org/files/36161/flister.txt http://packetstormsecurity.org/files/36161/flister.txt.html Thu, 24 Feb 2005 11:18:55 GMT This is a textfile explaining what flister is and does. FLISTER is proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. Flister works on Windows 2000, XP and 2003. http://packetstormsecurity.org/files/12416/ifms100.zip http://packetstormsecurity.org/files/12416/ifms100.zip http://packetstormsecurity.org/files/12416/ifms100.zip.html Tue, 17 Aug 1999 00:25:13 GMT Monitors paths and sends SMTP mail with changes discovered. http://packetstormsecurity.org/files/12417/intactdemo10a.zip http://packetstormsecurity.org/files/12417/intactdemo10a.zip http://packetstormsecurity.org/files/12417/intactdemo10a.zip.html Tue, 17 Aug 1999 00:25:13 GMT Intact v1.0a - Intact is a system integrity checker which will take a snapshot of your system and verify that none of your files, directories, registries, devices, settings, permissions and auditing have changed. Intact can be used to detect unauthorized intrustion, damage from viruses, trojan horses, rouge installation programs, security alterations, changes to auditing settings--pretty much any changes, additions or deletions which could compromise your system. http://packetstormsecurity.org/files/12418/nthandleex.zip http://packetstormsecurity.org/files/12418/nthandleex.zip http://packetstormsecurity.org/files/12418/nthandleex.zip.html Tue, 17 Aug 1999 00:25:13 GMT Find out what files, registry keys and other objects processes have open, or which DLLs they have loaded. A flexible GUI will even show you who owns each process. http://packetstormsecurity.org/files/12414/dsinstall.exe http://packetstormsecurity.org/files/12414/dsinstall.exe http://packetstormsecurity.org/files/12414/dsinstall.exe.html Tue, 17 Aug 1999 00:25:11 GMT Desktop Sentry is a security alert system for use with Microsoft Windows NT 4.0. It monitors your system and lets you know when someone attaches to any shares on your computer while you are connected to your local network or surfing the Internet. An excellent tool! http://packetstormsecurity.org/files/12415/ievntslg.exe http://packetstormsecurity.org/files/12415/ievntslg.exe http://packetstormsecurity.org/files/12415/ievntslg.exe.html Tue, 17 Aug 1999 00:25:11 GMT Send NT Event Log entries to a syslog daemon. http://packetstormsecurity.org/files/12411/cla_v1_b1.exe http://packetstormsecurity.org/files/12411/cla_v1_b1.exe http://packetstormsecurity.org/files/12411/cla_v1_b1.exe.html Tue, 17 Aug 1999 00:25:10 GMT Centrax Log Analyst (CLA) v1.b1 - Intrusion Detection software for Windows NT. Features: Detect threats and intrusion across an entire enterprise using an extensive list of activity signatures. Analyze event logs immediately using out-of-the-box security. Preserve and secure security logs in a centralized database to prevent alterations. Compile and archive large volumes of security logs for future reporting and trending. Generate easy-to-understand damage assessment reports. Free, full copy. http://packetstormsecurity.org/files/12412/cybersensor.zip http://packetstormsecurity.org/files/12412/cybersensor.zip http://packetstormsecurity.org/files/12412/cybersensor.zip.html Tue, 17 Aug 1999 00:25:10 GMT CyberSensor enables spying on any WIN32 API call. You can install any number of prehandlers and posthandlers for the API call. It enables spying on a specific process, its children or allows you to put a system wide hook. Features: Network based Machine Activity Monitor (NMAM) will be able to spy remotely on all the machines in the network. This can be used for monitoring user activity. The activities which can be monitored include Registry, File System, Internet, E-mails, Security, etc; API Library for writing your own spys; Framework for adding new monitors to NMAM; No configuration requirements on individual machines in the network; Centralized User Interface for the entire network. http://packetstormsecurity.org/files/12413/diskmon.zip http://packetstormsecurity.org/files/12413/diskmon.zip http://packetstormsecurity.org/files/12413/diskmon.zip.html Tue, 17 Aug 1999 00:25:10 GMT This is a Gui/device driver program that watches all hard disk activity. http://packetstormsecurity.org/files/12407/bbnt1-04d.zip http://packetstormsecurity.org/files/12407/bbnt1-04d.zip http://packetstormsecurity.org/files/12407/bbnt1-04d.zip.html Tue, 17 Aug 1999 00:25:08 GMT Big Brother system and network monitor ported to NT. http://packetstormsecurity.org/files/12410/a2nt.zip http://packetstormsecurity.org/files/12410/a2nt.zip http://packetstormsecurity.org/files/12410/a2nt.zip.html Tue, 17 Aug 1999 00:25:07 GMT Security management tools for NT. http://packetstormsecurity.org/files/12404/bbnt1-03.zip http://packetstormsecurity.org/files/12404/bbnt1-03.zip http://packetstormsecurity.org/files/12404/bbnt1-03.zip.html Tue, 17 Aug 1999 00:25:07 GMT Big Brother system and network monitor ported to NT. http://packetstormsecurity.org/files/12405/bbnt1-04a.zip http://packetstormsecurity.org/files/12405/bbnt1-04a.zip http://packetstormsecurity.org/files/12405/bbnt1-04a.zip.html Tue, 17 Aug 1999 00:25:07 GMT Big Brother system and network monitor ported to NT. http://packetstormsecurity.org/files/12406/bbnt1-04b.zip http://packetstormsecurity.org/files/12406/bbnt1-04b.zip http://packetstormsecurity.org/files/12406/bbnt1-04b.zip.html Tue, 17 Aug 1999 00:25:07 GMT Big Brother system and network monitor ported to NT. http://packetstormsecurity.org/files/12408/HummerNT.zip http://packetstormsecurity.org/files/12408/HummerNT.zip http://packetstormsecurity.org/files/12408/HummerNT.zip.html Tue, 17 Aug 1999 00:25:06 GMT HummingBird is a distributed component for any Intrusion Detection System. Features: Share security information with any Internet host, Powerful search-able database of security relevant data, Easy to use data visualization, Detects light but network wide attacks, Keeps historical data of system status, Hosts can be organized in a hierarchy for better management and information flow, Java interface for alert messages. HummingBird Project http://packetstormsecurity.org/files/12409/ViperDB.zip http://packetstormsecurity.org/files/12409/ViperDB.zip http://packetstormsecurity.org/files/12409/ViperDB.zip.html Tue, 17 Aug 1999 00:25:06 GMT ViperDB was created as a smaller & faster alternative to Tripwire. Instead of writing to one database, ViperDB writes to database files in each "watched" directory, decreasing the chances of an attacker being able to successfully modify your "watchd" filesystem. http://packetstormsecurity.org/files/12419/windog-dtk.zip http://packetstormsecurity.org/files/12419/windog-dtk.zip http://packetstormsecurity.org/files/12419/windog-dtk.zip.html Tue, 17 Aug 1999 00:25:03 GMT The foundation for a "Windows Deception Toolkit". This package contains "fake" telnet and sendmail daemons, coded in Perl, runs on Windows. Cool concept!