Details for group Powathan Threat detection framework

General information

• Groupname: powathan
• Users: ndis
• Description:

  A little tribute to an American indian chief. Open source threat detection/analysis framework and assestment tool for Win32 systems. Written mainly in C with own libraries (libpowathan and libraleigh), it uses the Raleigh analysis engine to test and analyse common and uncommon threat patterns, such as resident malware on certain applications/OS system files, common techniques for obfuscating/hiding/hooking/legitimate arbitrary code and/or applications (such as packers, crypters, joiners, low-level backdoors such as NDIS, hyper-visor based, etc), IAT, EAT and SEH hooks, DLL injections, anomalies on ring zero level, binary integrity checks, rootkits at different levels (userland and kernel-land), illegitimate binded TCP ports, suspicious network activity (result of connectback shells, illegal remote activity, remote querying (RPC, NetBIOS, traceroutes, OS fingerprinting, LDAP/SNMP/NFS/etc scanning), and more.

  Currently in beta stage, arranging some modifications for public release. Licenced under the GPL-2 licence.