Sun’s Dtrace application was developed primarily as a tool to help monitor functions on Solaris. According to a pair of security researchers at the Black Hat conference, you can also use Dtrace as the basis for a rootkit-like tool for offensive and defensive security operations.
At the conference, security researcher Tiller Beauchamp noted that Sun created Dtrace in 2003 and released it as part of Solaris 10 in 2005 under the CDDL open source license. Later, Apple incorporated it into Mac OS X Leopard. At its core, Dtrace is a framework for performance observability and debugging in real time. Beauchamp explained that the way it works is you set probes for places you’re interested in and define the action you want to take, which is usually some kind of measurement or recording.

InternetNews Realtime IT News – Black Hat: Dtrace a Rootkit?