ESET Rootkit Detector beta 1


goretsky



ESET Rootkit Detector beta 1 is now available for testing.  This is a new program from ESET's researchers for detecting malicious kernel extensions that hook into system functions and modify the kernel's memory space in order to redirect disk and file I/O (i.e., stealth mechanisms typically used by rootkits).  If a rogue kernel extension is found, the user will be prompted to submit it to ESET's researchers for analysis.



• None (initial release)


For more information or to download a copy, see:


ESET Beta Tester's Portal

ESET Blog Post

ESET Knowledgebase

Direct download link




Aryeh Goretsky
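As an added illustration (not ESET's code and not part of the original post) of the two stealth techniques the announcement describes, here is a small C model of the check a rootkit detector performs over a system-call table: an entry whose handler no longer lies inside the kernel's own code range has been redirected into a rogue extension, and a handler whose first byte is an x86-64 relative jump (0xE9) has been inline-patched. The kernel address range, table contents and prologue bytes are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Bounds of the kernel's own code section (constructed values; a real
 * detector reads them from the loaded kernel image). */
typedef struct { uintptr_t text_start, text_end; } kernel_text; /* end exclusive */

/* Pointer-replacement hook: the table entry no longer points into the
 * kernel's code but into a third-party extension. */
static int handler_outside_kernel(uintptr_t handler, const kernel_text *kt) {
    return handler < kt->text_start || handler >= kt->text_end;
}

/* Inline hook: the table is untouched but the handler's first bytes were
 * overwritten with an x86-64 relative jump (opcode 0xE9) to rootkit code. */
static int prologue_is_relative_jmp(const uint8_t *prologue) {
    return prologue[0] == 0xE9;
}

/* Scan a syscall table; returns how many entries look hooked and stores
 * their indices in `flagged` (at most `max_flagged` of them). */
size_t scan_syscall_table(const uintptr_t *table, const uint8_t *const *prologues,
                          size_t n, const kernel_text *kt,
                          size_t *flagged, size_t max_flagged) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (handler_outside_kernel(table[i], kt) ||
            prologue_is_relative_jmp(prologues[i])) {
            if (count < max_flagged) flagged[count] = i;
            count++;
        }
    }
    return count;
}

/* Constructed sample: entry 1 redirected into a kext, entry 3 inline-patched. */
static const kernel_text SAMPLE_KT = { 0xffffff8000200000ULL, 0xffffff8000a00000ULL };
static const uintptr_t SAMPLE_TABLE[4] = {
    0xffffff8000300000ULL, 0xffffff7f81234000ULL,   /* second: below kernel text */
    0xffffff8000301000ULL, 0xffffff8000302000ULL };
static const uint8_t CLEAN[]   = { 0x55, 0x48, 0x89, 0xe5 };        /* push rbp; mov rbp,rsp */
static const uint8_t PATCHED[] = { 0xe9, 0x00, 0x10, 0x00, 0x00 };  /* jmp rel32 */
static const uint8_t *const SAMPLE_PROLOGUES[4] = { CLEAN, CLEAN, CLEAN, PATCHED };
size_t scan_sample(size_t *flagged, size_t max_flagged) {
    return scan_syscall_table(SAMPLE_TABLE, SAMPLE_PROLOGUES, 4, &SAMPLE_KT, flagged, max_flagged);
}
int main(void) {
    size_t flagged[4], n = scan_sample(flagged, 4);
    for (size_t i = 0; i < n; i++) printf("syscall %zu: handler hooked\n", flagged[i]);
    return 0;
}
```

A real detector would also compare the table against a known-good copy and walk the loaded kernel extensions, which is the part the user is asked to submit when something is flagged.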

