Tools

pspy – unprivileged linux process snooping

pspy is a command line tool designed to snoop on processes without needing root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate to your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers its info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes. Getting started: Get the tool onto the Linux machine you want to inspect. First get the […]

forkstat

Forkstat is a program that logs process fork(), exec() and exit() activity. It is useful for monitoring system behaviour and for tracking down rogue processes that are spawning off processes and potentially abusing the system. Note that forkstat uses the Linux netlink connector to gather process activity, and this may miss events if the system is overly busy. The netlink connector also requires root privilege. forkstat command line options: -d strip off the directory path from the process name; -D specify run duration in seconds; -e select which events to monitor; -h show brief help summary; -l set stdout to line-buffered […]

ZoomIt

Introduction: ZoomIt is a screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations. ZoomIt works on all versions of Windows and you can use pen input for ZoomIt drawing on tablet PCs. Using ZoomIt: The first time you run ZoomIt it presents a configuration dialog that describes ZoomIt’s behavior, lets you specify […]