Drosera - D2 Live Forensics Pack
Drosera is the new pack of tools from DSquare Security. After
spending much of our effort on exploit and rootkit technologies, we
decided to create a new kind of live forensics framework.
All of our offensive knowledge is now also used to capture and digest
hidden activity on your IT systems. The first release provides about 40
modules for Windows-based rootkits, ranging from hidden process detection
to the detection of advanced kernel modifications:
- Standalone, requires no installation at all (made to be run from a
  USB key or from a network share).
- Basic checks for hidden processes, registry entries, connections and
  drivers. Built on top of the modules, they provide something really
  easy and fast to run.
- Optional interactive shell.
- Most modules run on all versions of Windows (XP, 2003, Vista), both
  32-bit and 64-bit.
- Kernel detection modules are limited to XP/2003 32-bit (we are
  working on 64-bit compatibility).
- Generates HTML reports.
- Live forensics (no reboot or memory dumps).
- Does not modify anything on the system (no new files, no hooks, no
  registry entries, ...).
- All modules are provided with documentation.
Unlike public anti-rootkit software, our framework is actively
maintained to keep pace with rootkit evolution. For customized modules,
please contact us at info@d2sec.com.