|
Ninja v0.1.2
|
|
Hits: 9 |
|
Date added: 06/29/2007 |
|
Ninja is a privilege escalation detection and prevention
system for GNU/Linux hosts. While running, it will monitor
process activity on the local host, and keep track of all
processes running as root. If a process is spawned with
UID or GID zero (root), ninja will log necessary informa-
tion about this process, and optionally kill the process
if it was spawned by an unauthorized user.
A magic group can be specified, allowing members of this
group to run any setuid/setgid root executable.
Individual executables can be whitelisted. Ninja uses a
fine grained whitelist that lets you whitelist executables
on a group and/or user basis. This can be used to allow
specific groups or individual users access to setuid/set-
gid root programs, such as su(1) and passwd(1). |
|
|
|
|
|
TopToBottomNT v3.8
|
|
Hits: 29 |
|
Date added: 06/08/2007 |
|
TopToBottomNT (v3.8) is an NT component manager/system explorer utility for Microsoft Windows 2000 and Windows XP.
TopToBottomNT has been described as Task Manager on steroids.
TopToBottomNT displays a summary list of processes, i.e., the top of a system, or drivers, the bottom . Additional summary displays are modules that have been loaded by the currently active processes and registered ActiveX components. Each of these summary displays are sortable by name with additional criteria depending on display type, e.g., processes by creation time or drivers by driver base. |
|
|
|
|
|
|
THC-IPF v1.0
|
|
Hits: 6 |
|
Date added: 05/06/2007 |
|
IPF is the first command line tool for configuring the packet filter of Windows NT4 and Window 2000 systems. It replaces the annoying GUI alternatives and can be used as an elegant entry for writing advanced firewall scripts under the Windows system. |
|
|
|
|
|
|
DLL Export Viewer v1.10 x64
|
|
Hits: 5 |
|
Date added: 04/13/2007 |
|
This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memoery address. When this function is called, the debugger will stop in the beginning of this function.
For example: If you want to break each time that a message box is going to be displayed, simply put breakpoints on the memory addresses of message-box functions: MessageBoxA, MessageBoxExA, and MessageBoxIndirectA (or MessageBoxW, MessageBoxExW, and MessageBoxIndirectW in unicode based applications) When one of the message-box functions is called, your debugger should break in the entry point of that function, and then you can look at call stack and go backward into the code that initiated this API call. |
|
|
|
|
|
|
DLL Export Viewer v1.10
|
|
Hits: 6 |
|
Date added: 04/09/2007 |
|
This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memoery address. When this function is called, the debugger will stop in the beginning of this function.
For example: If you want to break each time that a message box is going to be displayed, simply put breakpoints on the memory addresses of message-box functions: MessageBoxA, MessageBoxExA, and MessageBoxIndirectA (or MessageBoxW, MessageBoxExW, and MessageBoxIndirectW in unicode based applications) When one of the message-box functions is called, your debugger should break in the entry point of that function, and then you can look at call stack and go backward into the code that initiated this API call. |
|
|
|
