RE: Info collection

From: Michael Shirk (shirkdog@cryptomail.org)
Date: Fri Aug 06 2004 - 08:00:15 EDT


There are alot of other tools. You seem to be speaking of Windows and *nix.
For Windows, I would add tcpview from sysinternals which is a GUI realtime traffic monitor for ports and processes.
Also, just use PHLAK or AUDITOR bootable linux distros, designed for security and forensics to work with Windows and *nix.
Sleuthkit also with Autopsy is available on PHLAK, or just search google and try it out.
-----Original Message-----
From: JeffG@kizan.com [mailto:JeffG@kizan.com]
Sent: Wednesday, August 04, 2004 11:02 AM
To: pen-test@securityfocus.com
Subject: Info collection
Importance: Low
I am attempting to refine my methods of evaluating servers and am
wondering what information you all gather during an assessment on
various platforms. These would be run on the target machines with
privileged accounts (root or administrator). They should be scriptable
& statically compiled or at least not have any unusual dependencies.
Examples:
Fport
Portqryv2
LADS
Dumpwin
Lsof
Netstat -an / -ln
Tiger
Hfnetchk
Msinfo32
Winmsd

!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/ Ensure your right to privacy.
Traditional email messages are not secure. They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT