Windows Incident Response Script
I have taken some time to write an incident response script using only the resources provided by the Windows operating system. You can find out the why by reading the article I wrote titled Windows...
Yara – Scout Sniper Initial Release
After reading about Yara in the Got Your Yara? post at Windows Incident Response I decided to try to see what I could do to make Yara portable. To this end I have started the Yara – Scout Sniper...
Conficker/Downadup – Securing The Internet
I have to say one thing for the rash of Conficker/Downadup infected systems that are plaguing businesses around the world: This malware is helping the overall security of the Internet. Once we are...
Scout Sniper v0.2 Released
I just updated the Scout Sniper page with a new release of the tool. Actually, this tool was originally called Yara-Scout Sniper but I changed the name because of the new functionality that was added....
Should you be thinking about Virut?
While everybody has been busy responding to Conficker/Downadup a nasty little virus loosely known as Virut has begun to make itself known. When I first heard about this a co-worker pointed me to a new...
Did Mandiant’s Audit Viewer find something in Conficker?
I was learning how to use Mandiant’s Memoryze the other day and having a bit of trouble getting to know the XML configuration files. My real task was to get Memoryze working with memory shared from a...
Malware Characteristics Report – Trojan.RegSubsDat.A
A while back Harlan posted Looking for “Bad Stuff”, pt III (Malware Detection). In this post he outlined a method of talking about malware so that it could be more easily understood during an incident...
Anti-Virus For All
I have been a part of many conversations about Linux-based systems running Anti-virus. To date my best examples for saying that it should be taken into consideration have been that it ensures that your...
Malware IN Registry a.k.a. If It Can’t Be Done, Why Am I Looking At It?
I have to say that reading the Windows Incident Response blog has been very useful on several occasions. Particularly last month while helping at a client’s site. I had been called in to assist with...
Syscombotln and Tools Update
System Combo Timeline: The syscombotln tool has been updated to fix several bugs and time/date issues. I have also decided to stop being lazy and updated all of the internal modules and external...