Built-in Windows commands to determine if a system has been hacked
Quote:
Let's face it, Windows machines get hacked, and in some environments it happens a lot. Fortunately, Microsoft has built numerous tools into Windows so administrators and power users can analyze a machine to determine whether it's been compromised. In this tip, which is the first of a two-part series, I'll cover five useful command-line tools built into Windows for such analysis.
Nice article. Too bad they did not screen it better for errors.
For example:
The [N] here is an integer, indicating that WMIC should run the given command every [N] seconds. That way, users can look for changes in the settings of the system over time, allowing careful scrutiny of the output. Using this function to pull a process summary every 5 seconds, users could run:
C:\> wmic process list brief /every:1
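The quoted passage describes using /every:[N] to watch for changes in the process list over time. The PowerShell script below is an added example, not code from the article or from anyone in this thread: it reads the same WMI class that "wmic process list brief" queries (Win32_Process), but diffs each snapshot against the previous one so new and vanished processes are reported instead of scrolling past in a full listing. It assumes Windows PowerShell 5.1 or later and uses the 5-second interval the article text intends.

```powershell
# Added example (not from the article or the thread). Polls Win32_Process,
# the class behind "wmic process list brief", every N seconds and prints
# only the processes that appeared or disappeared between snapshots.
# Assumptions: Windows PowerShell 5.1+; interval 5 s as the article intends.
# Like wmic itself this is host-based: a rootkit that filters process
# enumeration on the compromised system will hide from this script too.
param(
    [int]$IntervalSeconds = 5,
    [int]$Rounds = 12
)

function Get-ProcessSnapshot {
    # Hashtable keyed by PID so the add/remove comparison is a lookup.
    $table = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $table[[int]$p.ProcessId] = [pscustomobject]@{
            Name        = $p.Name
            ParentPid   = [int]$p.ParentProcessId
            CommandLine = $p.CommandLine
        }
    }
    return $table
}

$previous = Get-ProcessSnapshot
for ($round = 1; $round -le $Rounds; $round++) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-ProcessSnapshot

    # Processes present now but absent from the last snapshot.
    foreach ($id in $current.Keys) {
        if (-not $previous.ContainsKey($id)) {
            $p = $current[$id]
            "{0:u} NEW  pid={1} ppid={2} {3} {4}" -f (Get-Date), $id, $p.ParentPid, $p.Name, $p.CommandLine
        }
    }
    # Processes that were in the last snapshot but have since exited.
    foreach ($id in $previous.Keys) {
        if (-not $current.ContainsKey($id)) {
            "{0:u} GONE pid={1} {2}" -f (Get-Date), $id, $previous[$id].Name
        }
    }
    $previous = $current
}
```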
Tinus, you should send them an email sharing that with them. You never know.
Don't walk in front of me, I may not follow. Don't walk behind me, I may not lead. Walk beside me and just be my friend. (Old Irish Proverb)
The only problem with those tools is that if your computer has been rootkitted those tools can't be trusted as they rely on the system itself to report to them. If the system has been rootkitted it will lie to the tools, and the output from the tools will therefore be useless.
Behold, the turtle. He makes progress only when he sticks his neck out.
Yup. Once any system is rootkitted it's completely unreliable, so putting forth tools that rely on the system to be truthful when a system has been hacked is at best a very iffy proposition.
That's why Linux tools include tools that run from a cd to check binaries, and system settings. That way they don't depend on the compromised system to check itself.
Behold, the turtle. He makes progress only when he sticks his neck out.