Fport might come in handy.
I'm guessing you want 'clean' versions of everything because who knows what
is running on the box itself or what has been modified.
How will you be able to trust that the cmd window that you run some of these
from is legit? Or that it will run at all?
Maybe a cmd alternative will help, too.
Fciv so you could check hashes?
Regalyzer?

Will you image the machines before allowing the support guys to do their
stuff?

> >-----Original Message-----
> >From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> >On Behalf Of exzactly
> >Sent: Thursday, November 05, 2009 4:27 AM
> >To: security-basics (at) securityfocus (dot) com [email concealed]
> >Subject: Security Toolkit for dummies
> >
> >I am currently working on a (free)toolkit to pass down to Tier 3 and Tier
> >2
> >to be used in the event of a breach/infection or suspected
> >breach/infection.
> >In a nutshell I want to give them some tools to use to gain further
> >information about the system and processes and/or malicious tools running
> >on
> >it. This toolkit is designed for a Windows desktop and Server
> >environment. I
> >am looking at building out tools that are fairly easy to use and do not
> >require much training. Currently I have the following tools on it:
> >
> > (SysInternal tools)
> >Autoruns
> >PortMon
> >Process Explorer
> >Process Monitor
> >Ps Tools
> >Logon Sessions
> >
> >Other tools:
> >Adaware
> >
> >
> >Is there anything else folks out there are using to provide their lower
> >level support guys with some tools for informational gathering
> >purposes....the tools have to run offline as systems are removed in the
> >event of a breach or infection...I am not looking for a full blown
> >forensics
> >kit, just something I can train folks unfamiliar with tool fairly
> >quickly...
> >
> >
> >-----------------------------------------------------------------------
-
> >Securing Apache Web Server with thawte Digital Certificate
> >In this guide we examine the importance of Apache-SSL and who needs an
> >SSL certificate. We look at how SSL works, how it benefits your company
> >and how your customers can tell if a site is secure. You will find out
> >how to test, purchase, install and use a thawte Digital Certificate on
> >your Apache web server. Throughout, best practices for set-up are
> >highlighted to help you ensure efficient ongoing management of your
> >encryption keys and digital certificates.
> >
> >http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be44
2f
> >727d1
> >-----------------------------------------------------------------------
-

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]