Details for group Powathan Threat detection framework

General information

  • Groupname: powathan
  • Users: ndis
  • Description:

    A little tribute to an American Indian chief. Open source threat detection/analysis framework and assessment tool for Win32 systems. Written mainly in C with its own libraries (libpowathan and libraleigh), it uses the Raleigh analysis engine to test for and analyse common and uncommon threat patterns, such as: resident malware in certain applications or OS system files; common techniques for obfuscating, hiding, or hooking legitimate or arbitrary code and applications (packers, crypters, joiners, low-level backdoors such as NDIS-based or hypervisor-based ones, etc.); IAT, EAT and SEH hooks; DLL injections; anomalies at ring zero; binary integrity checks; rootkits at different levels (userland and kernel-land); illegitimately bound TCP ports; suspicious network activity resulting from connect-back shells, illegal remote activity, or remote querying (RPC, NetBIOS, traceroutes, OS fingerprinting, LDAP/SNMP/NFS/etc. scanning); and more.

    Currently in beta stage, with some modifications being arranged for public release. Licensed under the GPL-2 licence.
