|File Search||Catalog||Content Search|
Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps - comparing the information gathered from /bin/ps with the one gathered from system calls (syscall scanning) - full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
**-Unhide-** email@example.com Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. //Unhide (ps) Detecting hidden processes. Implements three techniques * Compare /proc vs /bin/ps output * Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning). * Full PIDs space ocupation (PIDs b more»
UNHIDE-TCP(8) UNHIDE-TCP(8) NAME unhide-tcp — forensic tool to find hidden TCP/UDP ports SYNOPSIS unhide-tcp DESCRIPTION unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available. SEE ALSO unhide (8 more»
UNHIDE(8) UNHIDE(8) NAME unhide — forensic tool to find hidden processes SYNOPSIS unhide proc | sys | brute DESCRIPTION unhide is a forensic tool to find processes hidden by rootk‐ its, Linux kernel modules or by other techniques. It detects hidden processes using three techniques: The proc tech more»
GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copy more»