Before pausing from reading email for a few hours, I'd like to take a moment to redirect your attention to a little advertised and even more infrequently used Incident Response and investigative feature hosted here on the ISC SANS portal. That feature is SecCheck, developed by MyNetWatchman, and offered to the Storm Center to assist in investigating suspicious and potentially malicious activity on hosts running the Windows family of operating systems.
The Storm Center deployment of SecCheck is hosted at http://isc.sans.org/seccheck/ and does require the use of Internet Explorer. IE is required for this execution as our deployment is implemented in the form of an ActiveX DLL that executes in the context of your browser to analyze and deliver IR run-time reporting for the currently running workstation session. Execution of the tool will result in the report being displayed on your workstation as well as being posted back to the Storm Center host for our review, and enables the handlers to assist you more directly.
Among the run-time details that are reported include:
There are additional developments available at http://www.mynetwatchman.com including standalone SecCheck binaries that offer additional features.
Handler on Duty!
May 12th 2006
|Thread locked Subscribe||
May 12th 2006
1 decade ago