Date: Thu, 3 May 2012 20:39:13 -0500
Subject: Re: [Vol-users] Need to pick a malware for a demo
From: robdewhirst(a)gmail.com
To: vol-users(a)volatilityfoundation.org
I just seem to recall Hacker Defender being touchy about where its
config file was located and the name of it. Claimed to support options
that didn't work. HTH.
I'd like to know what you end up using because I am preparing a
workshop in a month or so and need a couple more ideas.
On Thu, May 3, 2012 at 5:09 PM, Mike Lambert <dragonforen(a)hotmail.com> wrote:
Hi Rob,
Thanks for the suggestion. As I recall that would fit the profile when
combined with another tool. And I think it will run in a VM.
In the past a friend of mine used Hacker Defender and Optiplex as an example
in a presentation. I'd like to pick something else if possible (would
rather not duplicate and look lame).
What would be really cool is something current that runs in a VM and is a
good pslist crossview demo. If I can't find something current, I'll fall
back to HD. Good thought!
Thanks much for the suggestion. If you have any other thoughts I appreciate
them.
Mike
Date: Thu, 3 May 2012 09:57:16 -0500
Subject: Re: [Vol-users] Need to pick a malware for a demo
From: robdewhirst(a)gmail.com
To: vol-users(a)volatilityfoundation.org
>
> Check out the Hacker Defender rootkit. I am pretty sure I demoed
> exactly what you are wanting to do (including using Volatility to
> reveal the rootkit) about a year ago and this malware was a good
> example and easy to use. I don't know for sure that it hides from
> PsList but it hides from the built-in windows tools.
>
> Email me if you can't find a copy.
>
> On Wed, May 2, 2012 at 11:32 PM, Mike Lambert <dragonforen(a)hotmail.com> wrote:
> > I've got a memory forensics presentation coming up next week and I'd
> > like to use a sample that will illustrate a crossview example.
> >
> > Specifically, I'd like to use an example that hides from pslist on the
> > running system (don't want a DKOM example) but we can find it using
> > Volatility.
> > I'd like it to be something running and not a process injection sample.
> >
> > Does someone have a suggestion which one may provide a good
> > illustration?
> >
> > Thanks,
> > Mike
> >
> >
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users(a)volatilityfoundation.org
> >
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> >
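The cross-view idea behind this thread, as an added example that is not part of the mailing-list thread and not code from the Volatility project: a user-mode API-hooking rootkit of the Hacker Defender kind filters the results that tasklist and Task Manager get back from the Windows APIs, but it does not touch the kernel's linked list of EPROCESS objects, so a Volatility pslist run against a memory image of the same box still shows the process. Comparing the live view with the memory-image view (and pslist with psscan, which carves EPROCESS objects out of physical memory and therefore also finds unlinked or exited ones) is the cross-view. The script below goes a little beyond the thread's case by also separating psscan-only hits into "unlinked from the list" and "exited". All three tables are constructed sample data; the process names, PIDs, offsets and times are invented. It assumes the `tasklist /FO CSV` column names and the Volatility 2 pslist/psscan text layout (name in the second column, PID in the third, timestamps ending in `UTC+0000`).

```python
"""Cross-view process detection: live tasklist vs. Volatility pslist/psscan.

Added example for the thread above; not Volatility project code. All input
tables are constructed samples, not output from a real system.
"""
import csv
import io

# Constructed: what the running (rootkitted) system showed via tasklist /FO CSV.
LIVE_TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","28 K"
"System","4","Services","0","236 K"
"smss.exe","368","Services","0","388 K"
"csrss.exe","584","Console","0","3,412 K"
"winlogon.exe","608","Console","0","2,896 K"
"explorer.exe","1464","Console","0","14,120 K"
'''

# Constructed: Volatility 2 pslist (walks the kernel EPROCESS linked list).
VOL_PSLIST = '''Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x823c89c8 System                    4      0     58      379 ------      0
0x822f1020 smss.exe                368      4      3       21 ------      0 2012-05-03 20:01:11 UTC+0000
0x8220c2c0 csrss.exe               584    368     12      376      0      0 2012-05-03 20:01:13 UTC+0000
0x821f9da0 winlogon.exe            608    368     19      570      0      0 2012-05-03 20:01:14 UTC+0000
0x820d7020 explorer.exe           1464   1428     13      342      0      0 2012-05-03 20:01:30 UTC+0000
0x81fa2458 hxdef100.exe           1680   1464      4       61      0      0 2012-05-03 20:05:02 UTC+0000
'''

# Constructed: Volatility 2 psscan (carves EPROCESS objects from physical memory).
VOL_PSSCAN = '''Offset(P)          Name                PID   PPID PDB        Time created                   Time exited
------------------ ---------------- ------ ------ ---------- ------------------------------ ------------------------------
0x00000000023c89c8 System                4      0 0x00039000
0x00000000022f1020 smss.exe            368      4 0x0a5c0020 2012-05-03 20:01:11 UTC+0000
0x000000000220c2c0 csrss.exe           584    368 0x0a5c0040 2012-05-03 20:01:13 UTC+0000
0x00000000021f9da0 winlogon.exe        608    368 0x0a5c0060 2012-05-03 20:01:14 UTC+0000
0x00000000020d7020 explorer.exe       1464   1428 0x0a5c0080 2012-05-03 20:01:30 UTC+0000
0x0000000001fa2458 hxdef100.exe       1680   1464 0x0a5c00a0 2012-05-03 20:05:02 UTC+0000
0x0000000001e33da0 notepad.exe        1912   1464 0x0a5c00c0 2012-05-03 20:03:40 UTC+0000 2012-05-03 20:04:10 UTC+0000
0x0000000001d10020 unlinked.exe       2040   1464 0x0a5c00e0 2012-05-03 20:06:00 UTC+0000
'''


def parse_tasklist_csv(text):
    """Return {pid: image name} from `tasklist /FO CSV` output."""
    return {int(row["PID"]): row["Image Name"]
            for row in csv.DictReader(io.StringIO(text))}


def _is_data_row(tokens):
    # Skip blank lines, the header ("Offset(V) ...") and the dashed separator.
    return len(tokens) >= 3 and not tokens[0].startswith(("Offset", "---"))


def parse_volatility_table(text):
    """Return {pid: name} from a Volatility 2 pslist or psscan text table
    (assumption: name is the 2nd column, PID the 3rd, as in Volatility 2)."""
    procs = {}
    for line in text.splitlines():
        tokens = line.split()
        if _is_data_row(tokens):
            procs[int(tokens[2])] = tokens[1]
    return procs


def parse_psscan(text):
    """Return ({pid: name}, set of pids that carry a 'Time exited').
    A row with two UTC timestamps has both a created and an exited time."""
    exited = set()
    for line in text.splitlines():
        tokens = line.split()
        if _is_data_row(tokens) and line.count("UTC") == 2:
            exited.add(int(tokens[2]))
    return parse_volatility_table(text), exited


def cross_view(live, pslist, psscan, exited):
    """Three-way comparison. Every bucket maps pid -> name."""
    off_list = {p: n for p, n in psscan.items() if p not in pslist}
    return {
        # On the kernel list but invisible to the live API-based view: the
        # user-mode hooking symptom the thread wants to demonstrate.
        "hidden_from_live": {p: n for p, n in pslist.items() if p not in live},
        # Carved from memory, not on the list, no exit time: unlinked (DKOM).
        "unlinked_from_list": {p: n for p, n in off_list.items() if p not in exited},
        # Carved from memory with an exit time: a terminated process whose
        # EPROCESS pool allocation has not been reused yet (not suspicious).
        "exited": {p: n for p, n in off_list.items() if p in exited},
        # Seen live but not in the image: the idle pseudo-process, or a
        # process that started after acquisition began.
        "live_only": {p: n for p, n in live.items() if p not in pslist},
    }


if __name__ == "__main__":
    live = parse_tasklist_csv(LIVE_TASKLIST_CSV)
    pslist = parse_volatility_table(VOL_PSLIST)
    psscan, exited = parse_psscan(VOL_PSSCAN)
    for bucket, procs in cross_view(live, pslist, psscan, exited).items():
        print(bucket)
        for pid, name in sorted(procs.items()):
            print("  %6d  %s" % (pid, name))
```

For the demo, take the live tasklist on the infected VM and the two Volatility tables from its memory image, feed them in, and the "hidden_from_live" bucket is the slide. Note the difference between the rootkit classes the thread mentions: a user-mode hooking rootkit lands in "hidden_from_live" because pslist still sees it, whereas a DKOM rootkit that unlinks its EPROCESS is missed by pslist too and only appears in "unlinked_from_list" via psscan.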