Category: Auditing » Forensics

ForixNT (Added 2001-10-22)
ForixNT is an NT vulnerability scanner, and much more. ForixNT is a flexible, extensible toolkit that NT administrators can use to automate policy-based security management in a way that fits their infrastructure. Rather than spending $1000s on a commercial product, NT administrators can use ForixNT to collect configuration information from NT systems across the enterprise. For example, ForixNT collects:
  Host information (Service Pack, HotFixes, modems, trusted domains, etc.)
  Services (state, account each service runs under, etc.)
  Registry key values
  "Trojan keys" (see my article, "What you really need to know about network backdoor 'trojan' programs on NT")
  Audit settings (what events are being audited, if any)
  EventLog settings (via the Registry)
  File permissions (checks for the NTFS file system first, even remotely)
  Registry permissions
  Domain account policy

WinZapper (Added 2001-10-22)
Edit the security event log in Windows NT 4.0 and Windows 2000. WinZapper is the first tool (as far as we know) that will let you remove lines in the security log without clearing the whole log, and it will let you do this while Windows is running.

Forensic Toolkit (Added 2001-10-22)
This tool is a file properties analyzer. Examine the files on a disk drive for unauthorized activity. List files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.

Audit (Added 2001-10-22)
The 'audit' program recursively searches through directories looking for files that may not be needed or that have strange permissions, ownership, etc. It is intended to help people clean up their accounts and find hidden problems.
bmap (Added 2001-10-22)
The Linux kernel includes a powerful, filesystem-independent mechanism for mapping logical files onto the sectors they occupy on disk. While this interface is nominally available to allow the kernel to efficiently retrieve disk pages for open files or running programs, an obscure user-space interface does exist. This interface can be handily subverted (with bmap and friends) to perform a variety of functions interesting to the computer forensics community, the computer security community, and the high-performance computing community.

Tfn2kpass (Added 2001-10-22)
Tfn2k (a DDoS attack tool) asks for a password during the build, which is used to prevent someone from recovering the password from the td or tfn binaries. Tfn2kpass allows recovery of the tfn2k password from recovered tfn2k binaries. Recovers from Intel-based Unix and Sun binaries. Can be used in forensics, to command a whole flood network to send you mail letting you know all the machines infected, or to command an attack to stop if you can recover a binary.

Rivat dscan (Added 2001-10-22)
Distributed scanning is not only feasible; there are already distributed scanning tools out in public. They aren't very advanced yet (regarding stealth, etc.), but they show that the distributed concept is very easy to implement in scanning tools. RIVAT DSCAN is a distributed scanning tool written in Perl.

ARP MITM (Added 2001-10-22)
ARP "man in the middle" attack tool. Requires Libnet 1.00.

Forensic Toolkit (Added 2001-10-22)
The Forensic ToolKit contains several Win32 command-line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. List files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.
Afind (Added 2001-10-22)
AFind lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames; by coordinating this with the logon info provided by ntlast, you can begin to determine user activity even if file logging has not been enabled.