Another tool I like is streams. You can use this to scan for alternate data streams. I found netcat on a box with this once. On another note, has anyone ever looked at any of the Windows Internals Books? I am thinking about buying the 4th ( http://www.amazon.com/Microsoft-Windows-Internals-4th-Server/dp/0735619174/ref=sr_1_2?ie=UTF8&s=books&qid=1265909914&sr=1-2) and 5th ( http://www.amazon.com/Windows%C2%AE-Internals-Including-Windows-PRO-Developer/dp/0735625301/ref=sr_1_1?ie=UTF8&s=books&qid=1265909914&sr=1-1) editions
Thanks for the link to the malware analysis video. I started watching it last night and what little I saw I liked. Gonna finish it today at work.

On Thu, Feb 11, 2010 at 8:52 PM, Tim Mugherini <[email protected]> wrote:
> For those who forget your USB drive of tools while on the job
>
> http://live.sysinternals.com/
>
> Also if you like the tools - I came across this Malware Analysis video
> from Mark Russinovich (author of the sysinternals suite) a couple of
> years back. For those not familiar with the tools, it's definitely
> worth a watch.
>
> My personal Fav tool/feature would be the dumping of strings from
> volatile memory using process explorer
>
> Here's the video
>
> http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>
> On Thu, Feb 11, 2010 at 7:32 PM, Matthew Lye <[email protected]> wrote:
> > I went and cached the site, especially all the source code.
> > Never know if MS is going to let a good thing keep going.
> > -Matthew Lye
> >
> > You can do anything you set your mind to when you have vision,
> > determination, and an endless supply of expendable labor.
> > <No trees were harmed during this transmission. However, a great number of
> > electrons were terribly inconvenienced>
> >
> > On Fri, Feb 12, 2010 at 6:41 AM, Jack Daniel <[email protected]> wrote:
> >> One thing MS did right when they bought Sysinternals was bundle all of
> >> the tools in a single compressed file for easier download.
> >>
> >> So, who else dropped everything a few years ago when the MS
> >> acquisition of Sysinternals was announced and downloaded copies of
> >> everything they could find?
> >>
> >> Jack
> >>
> >> On Thu, Feb 11, 2010 at 2:23 PM, Josh Ciceraro <[email protected]> wrote:
> >> > I always put process explorer on all of my machines. It puts the task
> >> > manager to shame. Microsoft should be embarrassed. Psexec is another
> >> > awesome tool. I have just recently started using process monitor and the
> >> > information you can get from it is just awesome.
> >> >
> >> > On Thu, Feb 11, 2010 at 1:34 PM, Butturini, Russell <[email protected]> wrote:
> >> >> Absolutely. Sysinternals tools are the BEST for forensics,
> >> >> troubleshooting, systems management… Anything under the sun! I use
> >> >> psinfo, psloggedon, pslist, listdlls, and logonsessions in my forensics
> >> >> toolkit, and use process explorer as well when investigating malware.
> >> >>
> >> >> ________________________________
> >> >> From: [email protected] [mailto:[email protected]] On Behalf Of Tyler Robinson
> >> >> Sent: Thursday, February 11, 2010 12:27 PM
> >> >> To: PaulDotCom Security Weekly Mailing List
> >> >> Subject: Re: [Pauldotcom] Sysinternals
> >> >>
> >> >> From both a white and grey hat perspective I love erd commander and
> >> >> pstools especially psexec I would be lost without psexec.
> >> >>
> >> >> On Feb 11, 2010 11:23 AM, "Josh Ciceraro" <[email protected]> wrote:
> >> >>
> >> >> Hello,
> >> >>
> >> >> I was wondering if anyone here in the group uses any of the sysinternals
> >> >> tools and what are some favorites. I really like autoruns, process
> >> >> explorer, and process monitor. Disk2Vhd seems pretty promising, though I
> >> >> haven't played with it yet.
> >> >>
> >> >> --
> >> >> kaizoku Josh
> >> >>
> >> >> _______________________________________________
> >> >> Pauldotcom mailing list
> >> >> [email protected]
> >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> >> Main Web Site: http://pauldotcom.com
> >> >
> >> > --
> >> > kaizoku Josh
> >>
> >> --
> >> ______________________________________
> >> Jack Daniel, Reluctant CISSP
> >> http://twitter.com/jack_daniel
> >> http://www.linkedin.com/in/jackadaniel
> >> http://blog.uncommonsensesecurity.com

--
kaizoku Josh
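The alternate-data-stream sweep described at the top of this message (streams.exe turning up a hidden copy of netcat) can be reproduced natively in PowerShell 3.0 and later. This is an added example, not code from the thread or from the Sysinternals suite: it walks a directory tree, lists every named stream other than the file's default $DATA stream, and flags streams whose first two bytes are the PE "MZ" header, which is what an executable parked in a stream looks like. The scan path and the allow-listed Zone.Identifier stream are assumptions.

```powershell
# Added example: enumerate NTFS alternate data streams under a path and flag
# any stream whose leading bytes look like a PE executable ("MZ").
# Requires PowerShell 3.0+ (the FileSystem provider's -Stream parameter).
function Find-SuspiciousStreams {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is written by browsers on download and is normally benign;
        # treating it as an allow-list entry is an assumption for this example.
        [string[]] $IgnoreStreams = @('Zone.Identifier')
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $file = $_
        # Get-Item -Stream * lists every stream; ':$DATA' is the file's normal content.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
          Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStreams -notcontains $_.Stream } |
          ForEach-Object {
            $stream = $_
            # Read only the first two bytes of the stream. The byte-mode switch of
            # Get-Content was renamed between Windows PowerShell 5.1 and PowerShell 7.
            if ($PSVersionTable.PSVersion.Major -ge 6) {
                $head = @(Get-Content -LiteralPath $file.FullName -Stream $stream.Stream `
                            -AsByteStream -TotalCount 2 -ErrorAction SilentlyContinue)
            } else {
                $head = @(Get-Content -LiteralPath $file.FullName -Stream $stream.Stream `
                            -Encoding Byte -TotalCount 2 -ErrorAction SilentlyContinue)
            }
            $isPe = ($head.Count -ge 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            [pscustomobject]@{
                File        = $file.FullName
                Stream      = $stream.Stream
                Bytes       = $stream.Length
                LooksLikePE = $isPe
            }
          }
      }
}

# Usage (the path is an assumption): report non-default streams, executables first.
Find-SuspiciousStreams -Path 'C:\Users' |
    Sort-Object LooksLikePE -Descending |
    Format-Table -AutoSize
```

Any stream reported with LooksLikePE set is worth pulling for analysis; a non-executable stream with an unexpected name still merits a look at its owner file and timestamps.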
