From: killy (killfactory@gmail.com)
Date: Wed Jun 14 2006 - 13:24:44 EDT
I would BETA test for you ;-)
On 6/14/06, killy <killfactory@gmail.com> wrote:
> I would try it out.
>
> On 6/13/06, Marcos Marrero <mmarrero@lloydstsb-usa.com> wrote:
> > I believe that you application would be of great help. I too audit AD
> > environments fairly regularly and this tool would help tremendously...
> >
> >
> >
> > -----Original Message-----
> > From: Petr.Kazil@eap.nl [mailto:Petr.Kazil@eap.nl]
> > Sent: Tuesday, June 13, 2006 11:45 AM
> > To: pen-test@securityfocus.com
> > Subject: Checking - will this Windows audit-tool be useful?
> >
> >
> > I'm working on a Windows audit tool. I will probably build it anyway,
> > because I can use it myself and it's a fun project. But to be sure, I
> > would
> > like to check if it's not already out there somewhere.
> >
> > A longish explanation:
> >
> > I do a lot of Windows / Active Directory audits. Until now I used the
> > traditional tools like Dumpsec, Hyena, pstools and a lot of the built in
> > Windows commands.
> >
> > But a lot of the information that I need, is already present in one
> > single
> > file. If I run "csvde -f outputfile.txt" then I have the core data of
> > Active Directory in my hands. Almost all the data in Dumpsec (and much
> > more) is present in the csvde-file.
> >
> > The charm of using this file, is that you don't need to run any tools on
> > the client's infrastructure. In a few cases an admin was willing to send
> > the (strongly encrypted) file by e-mail and I could start my audit right
> > away without taking much of his time.
> >
> > I have written a set of scripts in VBScript that parse and analyze the
> > csvde file and produce interesting data like: statistics, "dead"
> > accounts,
> > administrator groups and memberships, OU-trees and policies, domain
> > policies, computer OS-versions, account settings, etc.
> >
> > At the moment I'm rewriting the scripts into a decent application in
> > Visual
> > Basic 2005, as an exercise with this language.
> >
> > My question:
> >
> > Do you think anyone will be interested in this tool when I'm finished?
> >
> > I know I'm reinventing the wheel a bit - but I've successfully used
> > csvde-file data in the past, so I hope others might be interested too.
> >
> > This email has been scanned for all viruses by the MessageLabs SkyScan
> > service.
> >
> > **********************************************************************
> > This Email is intended for the exclusive use of the addressee only.
> > If you are not the intended recipient, you should not use the
> > contents nor disclose them to any other person and you should
> > immediately notify the sender and delete the Email.
> >
> > Lloyds TSB Bank plc is registered in England and Wales Number: 2065.
> > Registered office: 25 Gresham Street, London EC2V 7HN.
> >
> > **********************************************************************
> >
> >
> > This email has been scanned for all viruses by the MessageLabs SkyScan
> > service.
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> > Choice Award from eWeek. As attacks through web applications continue to rise,
> > you need to proactively protect your applications from hackers. Cenzic has the
> > most comprehensive solutions to meet your application security penetration
> > testing and vulnerability management needs. You have an option to go with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to confirm your
> > results from other product. Contact us at request@cenzic.com for details.
> > ------------------------------------------------------------------------------
> >
> >
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:06 EDT