Post break-in forensics

From: Alfred Huger (ah@securityfocus.com)
Date: Mon Mar 24 2003 - 11:14:00 EST

• Next message: Dave Aitel: "Re: Net:telnet exploit"
• Previous message: Balwant Rathore: "RE: Pen Test Study Group in Mumbai"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey Folks,

IDS Logs in Forensics Investigations: An Analysis of a Compromised
Honeypot
by Alan Neville

This paper will deconstruct the steps taken to conduct a full analysis of
a compromised machine. In particular, we will be examining the tool that
was used to exploit a dtspcd buffer overflow vulnerability, which allows
remote root access to the system. The objective of this paper is to show
the value of IDS logs in conducting forensics investigations.

http://www.securityfocus.com/infocus/1676

Alfred Huger
Symantec Corp.

----------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does. Plug your security holes now!
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html

• Next message: Dave Aitel: "Re: Net:telnet exploit"
• Previous message: Balwant Rathore: "RE: Pen Test Study Group in Mumbai"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:31 EDT