Security Xploded
 
  |    Home    |    Projects    |    Research    |    Articles     |    Security Tools    |    Download    |    Blog    |    About    |
 
Search
Latest Stuff
 
FireMaster for Firefox version 3
FirePassword for latest Firefox version
Hacker Reversing Challenge 2007 Solution
Make your application Vista UAC compliant
Watch your shares from intruders  
Top Tools
 
NetShareMonitor: Monitor shares from intruders
FireMaster: Recover Firefox master password
FirePassword : Dump Firefox sign-on secrets
RemoteDLL: Remove DLL from process
ProcHeapViewer: Enumerate process heaps
Top Articles
 
Using Rainbow crack to recover Windows password
Rapair Windows registry using BackTrack
Unpack UPX using OllyDbg
Writing PESpin plugin for ImpREC
Decrypting Firefox sign-on secrets
 
 
 
 
 
 
 
 
IceSword
Cool Tool to Break the ICE
 
 
About IceSword
IceSword is the great rootkit detection tool that not many people know. It was coded by a Chinese programmer with a nickname as PJF. Though it is more powerful than any other rootkit detection tools, it hasn’t got much attention that other tools have received.

IceSword can find the rootkits which even top antirootkit softwares (such as Rootkit Revealer, BlackLight, Rootkit Detective etc) failed to detect. However IceSword lack automatic file scanning, registry scanning feature that other anti-rootkits offer.
 
 
IceSword in Action
 
Main Screen of IceSword
 
IceSword's Registry Editor showing SAM entry
 
 
Unmatched Features of IceSword
When it comes to detecting variety of hidden stuffs none of the anti-rootkits can stand near to IceSword. Here are some of the things that IceSword can show you
  • Running Process list
  • Open Port list along with process owning it
  • Loaded Kernel modules
  • System startup programs
  • Windows services
  • Layered Service Provider chain list
  • Browser Helper objects
  • System service descriptor table entries (SSDT)
  • Message Hooks
If it detects any HIDDEN entry then it is shown in RED color. This makes it easy to differentiate between normal and hidden entries.

Other important features of IceSword are registry editor and file browser. Its registry editor is very advanced as you can see all the hidden keys and system keys which are not shown by Windows registry editor. File browser is another integrated tool which will allow you to look for hidden files. In addition to this, you can also use it to copy the locked and system files which cannot be accessed/copied as long as Windows is running. For example you can copy SAM file and registry hive files for password cracking while you are on Windows.
 
 
Missing Part
This tool is meant for advanced users. It can show you the rootkits on your system, but does not have any medicines for it. You have to do that on your own using other tools.
 
 
Conclusion
Some of the powerful features makes IceSword all in one tool and sets it apart from the other rootkit detection tools. But for the author its just the beginning...!
 
 
Download IceSword
 
  IceSword 1.2 English version by PJF. 
 
 
See Also
    IceSword : Author's website
    Uncovering hidden processes on your computer
    ProcNetMonitor: Tool to monitor network activity of process.
    NetShareMonitor: Watch your shares from intruders. 
 
 
 
 
 

Total Hit Count: Hit Count
"security through obscurity is just an illusion"
                                   -anonymous 
For any queries and suggestions, please drop a mail to tnagareshwar at gmail.com
 
 
www.SecurityXploded.com © 2008, All rights reserved by Nagareshwar Talekar.                        Firefox 3