RE: Checking - will this Windows audit-tool be useful?

From: Marcos Marrero (mmarrero@LLOYDSTSB-USA.com)
Date: Tue Jun 13 2006 - 14:54:54 EDT


I believe that your application would be of great help. I too audit AD
environments fairly regularly and this tool would help tremendously...

-----Original Message-----
From: Petr.Kazil@eap.nl [mailto:Petr.Kazil@eap.nl]
Sent: Tuesday, June 13, 2006 11:45 AM
To: pen-test@securityfocus.com
Subject: Checking - will this Windows audit-tool be useful?

I'm working on a Windows audit tool. I will probably build it anyway,
because I can use it myself and it's a fun project. But to be sure, I
would like to check if it's not already out there somewhere.

A longish explanation:

I do a lot of Windows / Active Directory audits. Until now I used the
traditional tools like Dumpsec, Hyena, pstools and a lot of the built in
Windows commands.

But a lot of the information that I need, is already present in one
single file. If I run "csvde -f outputfile.txt" then I have the core
data of Active Directory in my hands. Almost all the data in Dumpsec
(and much more) is present in the csvde-file.

The charm of using this file, is that you don't need to run any tools on
the client's infrastructure. In a few cases an admin was willing to send
the (strongly encrypted) file by e-mail and I could start my audit right
away without taking much of his time.

I have written a set of scripts in VBScript that parse and analyze the
csvde file and produce interesting data like: statistics, "dead"
accounts, administrator groups and memberships, OU-trees and policies,
domain policies, computer OS-versions, account settings, etc.

At the moment I'm rewriting the scripts into a decent application in
Visual Basic 2005, as an exercise with this language.

My question:

Do you think anyone will be interested in this tool when I'm finished?

I know I'm reinventing the wheel a bit - but I've successfully used
csvde-file data in the past, so I hope others might be interested too.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:05 EDT
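The offline analysis described in the original message (dead accounts, administrator memberships and account settings read from a csvde export) can be sketched as follows. This is an added example, not the poster's VBScript or Visual Basic code. The sample rows, the 90-day threshold, the report keys and the helper names are constructed assumptions. It reads only direct memberOf entries, so nested and primary group membership are not resolved.

```python
import csv
import io
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout csvde writes: a header row of attribute
# names, quoted DNs, and multi-valued attributes joined with ';'.
SAMPLE = '''DN,objectClass,sAMAccountName,userAccountControl,lastLogonTimestamp,memberOf
"CN=Alice,OU=IT,DC=example,DC=test",top;person;organizationalPerson;user,alice,512,127940000000000000,"CN=Domain Admins,CN=Users,DC=example,DC=test"
"CN=Bob,OU=Sales,DC=example,DC=test",top;person;organizationalPerson;user,bob,512,127800000000000000,
"CN=Backup Svc,OU=IT,DC=example,DC=test",top;person;organizationalPerson;user,svc_backup,66048,,"CN=Domain Admins,CN=Users,DC=example,DC=test;CN=Backup Operators,CN=Builtin,DC=example,DC=test"
"CN=Carol,OU=Sales,DC=example,DC=test",top;person;organizationalPerson;user,carol,514,127700000000000000,
"CN=WS01,CN=Computers,DC=example,DC=test",top;person;organizationalPerson;user;computer,WS01$,4096,127945000000000000,
'''

ACCOUNTDISABLE = 0x0002        # userAccountControl flag bits
DONT_EXPIRE_PASSWD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """AD timestamps count 100 ns ticks since 1601-01-01 UTC; empty or 0 = never."""
    ticks = int(value or 0)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None

def audit(csv_text, now, stale_days=90, admin_groups=("Domain Admins",)):
    report = {"stale": [], "never_logged_on": [], "disabled": [],
              "pwd_never_expires": [], "admins": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        classes = row["objectClass"].lower().split(";")
        if "user" not in classes or "computer" in classes:
            continue  # computer objects also carry the 'user' class
        name, uac = row["sAMAccountName"], int(row["userAccountControl"] or 0)
        # First RDN of each group DN; split on commas that are not backslash-escaped.
        groups = [re.split(r"(?<!\\),", dn)[0][3:]
                  for dn in row["memberOf"].split(";") if dn]
        if any(g in admin_groups for g in groups):
            report["admins"].append(name)
        if uac & DONT_EXPIRE_PASSWD:
            report["pwd_never_expires"].append(name)
        if uac & ACCOUNTDISABLE:
            report["disabled"].append(name)
            continue  # disabled accounts are reported once, not also as stale
        last = filetime_to_dt(row["lastLogonTimestamp"])
        if last is None:
            report["never_logged_on"].append(name)
        elif now - last > timedelta(days=stale_days):
            report["stale"].append(name)
    return report
```

lastLogonTimestamp is replicated between domain controllers but is only refreshed at intervals of days, so the stale threshold should stay well above that lag.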