
Category: Auditing » Forensics

Added 2001-10-22
by Forix Business Solutions, Inc.
ForixNT is an NT vulnerability scanner...and so much more! ForixNT is a flexible, extensible toolkit that NT administrators can use to automate policy-based security management in a way that fits their infrastructure. Rather than spending $1000's for a commercial product, NT administrators can use ForixNT to collect configuration information from NT systems across the enterprise. For example, ForixNT collects:
- Host information (Service Pack, HotFixes, modems, trusted domains, etc)
- Services (state, account each service runs under, etc)
- Registry key values
- "Trojan Keys" (see my article, "What you really need to know about network backdoor "trojan" programs" on NT)
- Audit settings (what events are being audited...if any)
- EventLog settings (via the Registry)
- File Permissions (checks for NTFS file system first...even remotely)
- Registry Permissions
- Domain Account Policy

Added 2001-10-22
by Arne Vidstrom, arne.vidstrom@ntsecurity.nu
Edit the security event log in Windows NT 4.0 and Windows 2000! WinZapper is the first tool (as far as we know) that will let you remove lines in the security log without clearing the whole log. And it will let you do this while Windows is running.

Forensic Toolkit
Added 2001-10-22
by jd.glaser@foundstone.com
This tool is a file properties analyzer. Examine the files on a disk drive for unauthorized activity. List files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.

Added 2001-10-22
by Jeff Tranter, tranter@pobox.com
The 'audit' program recursively searches through directories looking for files that may not be needed or have strange permissions, ownership, etc. It is intended to help people clean up their accounts and find hidden problems.

Added 2001-10-22
by Daniel Ridge, newt@scyld.com
The Linux kernel includes a powerful, filesystem-independent mechanism for mapping logical files onto the sectors they occupy on disk. While this interface is nominally available to allow the kernel to efficiently retrieve disk pages for open files or running programs, an obscure user-space interface does exist. This is an interface which can be handily subverted (with bmap and friends) to perform a variety of functions interesting to the computer forensics community, the computer security community, and the high-performance computing community.

Added 2001-10-22
by Simple Nomad, thegnome@razor.bindview.com
Tfn2k (DDOS attack tool) asks for a password during the build, which is used to prevent someone from recovering the password from the td or tfn binaries. Tfn2kpass allows recovery of the tfn2k password from recovered tfn2k binaries. Recovers from Intel-based Unix and Sun binaries. Can be used in forensics, to command a whole flood network to send you mail letting you know all the machines infected, or to command an attack to stop if you can recover a binary.

Rivat dscan
Added 2001-10-22
by xtremist@hobbiton.org
Distributed scanning is not only feasible, there are already distributed scanning tools out in public. They aren't very advanced yet (regarding stealth, etc.), but they show that the distributed concept is very easy to implement into scanning tools. RIVAT DSCAN is a distributed scanning tool written in PERL.

Added 2001-10-22
by unknown
ARP "man in the middle" attack tool. Requires Libnet 1.00.

Forensic Toolkit
Added 2001-10-22
by NT Objectives
The Forensic ToolKit contains several Win32 command-line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. List files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.

Added 2001-10-22
by NTObjectives
AFind lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames; by coordinating this with logon info provided by ntlast, you can begin to determine user activity even if file logging has not been enabled.

Copyright 2010, SecurityFocus