Don't forget that you can change the output on some of those tools and dump it into a CSV (i.e. psloglist). You also can pipe the output into find or findstr to look for specific items.
You can create some great batch files to automate some tasks as well.

reswob

On Fri, Feb 12, 2010 at 8:28 AM, Josh Ciceraro <[email protected]> wrote:
> Another tool I like is streams. You can use this to scan for alternate data streams. I found netcat on a box with this once. On another note, has anyone ever looked at any of the Windows Internals books? I am thinking about buying the 4th (http://www.amazon.com/Microsoft-Windows-Internals-4th-Server/dp/0735619174/ref=sr_1_2?ie=UTF8&s=books&qid=1265909914&sr=1-2) and 5th (http://www.amazon.com/Windows%C2%AE-Internals-Including-Windows-PRO-Developer/dp/0735625301/ref=sr_1_1?ie=UTF8&s=books&qid=1265909914&sr=1-1) editions.
>
> Thanks for the link to the malware analysis video. I started watching it last night and what little I saw I liked. Gonna finish it today at work.
>
> On Thu, Feb 11, 2010 at 8:52 PM, Tim Mugherini <[email protected]> wrote:
>> For those who forget your USB drive of tools while on the job:
>>
>> http://live.sysinternals.com/
>>
>> Also, if you like the tools - I came across this Malware Analysis video from Mark Russinovich (author of the Sysinternals suite) a couple of years back. For those not familiar with the tools, it's definitely worth a watch.
>>
>> My personal fav tool/feature would be the dumping of strings from volatile memory using Process Explorer.
>>
>> Here's the video:
>>
>> http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>>
>> On Thu, Feb 11, 2010 at 7:32 PM, Matthew Lye <[email protected]> wrote:
>>> I went and cached the site, especially all the source code.
>>> Never know if MS is going to let a good thing keep going.
>>> -Matthew Lye
>>>
>>> You can do anything you set your mind to when you have vision, determination, and an endless supply of expendable labor.
>>> <No trees were harmed during this transmission. However, a great number of electrons were terribly inconvenienced>
>>>
>>> On Fri, Feb 12, 2010 at 6:41 AM, Jack Daniel <[email protected]> wrote:
>>>> One thing MS did right when they bought Sysinternals was bundle all of the tools in a single compressed file for easier download.
>>>>
>>>> So, who else dropped everything a few years ago when the MS acquisition of Sysinternals was announced and downloaded copies of everything they could find?
>>>>
>>>> Jack
>>>>
>>>> On Thu, Feb 11, 2010 at 2:23 PM, Josh Ciceraro <[email protected]> wrote:
>>>>> I always put Process Explorer on all of my machines. It puts the Task Manager to shame. Microsoft should be embarrassed. Psexec is another awesome tool. I have just recently started using Process Monitor and the information you can get from it is just awesome.
>>>>>
>>>>> On Thu, Feb 11, 2010 at 1:34 PM, Butturini, Russell <[email protected]> wrote:
>>>>>> Absolutely. Sysinternals tools are the BEST for forensics, troubleshooting, systems management... anything under the sun! I use psinfo, psloggedon, pslist, listdlls, and logonsessions in my forensics toolkit, and use Process Explorer as well when investigating malware.
>>>>>>
>>>>>> ________________________________
>>>>>>
>>>>>> From: [email protected] [mailto:[email protected]] On Behalf Of Tyler Robinson
>>>>>> Sent: Thursday, February 11, 2010 12:27 PM
>>>>>> To: PaulDotCom Security Weekly Mailing List
>>>>>> Subject: Re: [Pauldotcom] Sysinternals
>>>>>>
>>>>>> From both a white and grey hat perspective I love ERD Commander and PsTools, especially psexec. I would be lost without psexec.
>>>>>>
>>>>>> On Feb 11, 2010 11:23 AM, "Josh Ciceraro" <[email protected]> wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I was wondering if anyone here in the group uses any of the Sysinternals tools and what are some favorites. I really like autoruns, Process Explorer, and Process Monitor. Disk2Vhd seems pretty promising, though I haven't played with it yet.
>>>>>>
>>>>>> --
>>>>>> kaizoku Josh
>>>>>
>>>>> --
>>>>> kaizoku Josh
>>>>
>>>> --
>>>> ______________________________________
>>>> Jack Daniel, Reluctant CISSP
>>>> http://twitter.com/jack_daniel
>>>> http://www.linkedin.com/in/jackadaniel
>>>> http://blog.uncommonsensesecurity.com
>
> --
> kaizoku Josh
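The two practical points in this thread, reswob's note about dumping tool output to CSV and piping it through findstr from a batch file, and Josh's use of streams to find alternate data streams, combined into one worked example. This is an added example, not code from the thread or from Sysinternals. It assumes the Sysinternals tools (psloglist, pslist, streams) are on PATH, that the script's only argument is an output directory, and that the tool switches behave as documented for those tools (-s, -d and -i for psloglist; -s for streams; -t for pslist); the event IDs and search terms are my own choices for a triage pass, not anything the thread specifies.

```batch
@echo off
REM collect_triage.bat <output-dir>
REM Added example (not from the thread). Assumes psloglist, pslist and
REM streams are on PATH, e.g. copied locally from live.sysinternals.com.
setlocal
if "%~1"=="" (
    echo usage: %~nx0 ^<output-dir^>
    exit /b 1
)
set "OUT=%~1"
if not exist "%OUT%" mkdir "%OUT%"

REM Last 24 hours (-d 1) of the System and Security logs, one record per
REM line with comma-delimited fields (-s), so the dump opens in a spreadsheet.
psloglist -accepteula -s -d 1 system   > "%OUT%\system_24h.csv"
psloglist -accepteula -s -d 1 security > "%OUT%\security_24h.csv"

REM Let the tool filter by event ID (-i): 4624/4625 are logon success and
REM failure in the Security log, 7045 is "new service installed" in System.
psloglist -accepteula -s -d 1 -i 4624,4625 security > "%OUT%\logons_24h.csv"
psloglist -accepteula -s -d 1 -i 7045 system        > "%OUT%\new_services_24h.csv"

REM Text search over the full dump: findstr /i is case-insensitive, /l
REM treats each /c: string literally. Search terms are constructed examples.
findstr /i /l /c:"cmd.exe" /c:"powershell" "%OUT%\security_24h.csv" > "%OUT%\shell_hits.txt"

REM Process tree snapshot (-t) for later comparison against a known-good host.
pslist -accepteula -t > "%OUT%\pslist.txt"

REM Alternate data streams under the current profile; -s recurses. Every
REM stream line ends in ":$DATA"; Zone.Identifier marks are normal download
REM tags, so the second findstr (/v = lines NOT matching) drops them.
streams -accepteula -s "%USERPROFILE%" > "%OUT%\streams.txt"
findstr /i /l /c:":$DATA" "%OUT%\streams.txt" ^
    | findstr /v /i /l /c:"Zone.Identifier" > "%OUT%\ads_hits.txt"

echo Done. Results are in "%OUT%"
endlocal
```

Run it from an elevated prompt (reading the Security log requires administrative rights) as `collect_triage.bat C:\triage\hostname`. Because each step writes to its own file, a diff of two runs, or of one host against a clean baseline, shows what changed without reading the raw logs.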
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
