Sunday, June 17, 2012

Father’s Day Linkage - Tie Down Edition

cc image credit image by Fernando de Sousa on flickr

hu5lzpuq.q0o

Happy Father’s Day!

Here is a real varied collection of links. Enjoy!

Security Solids

Firefox Paisleys

In my last GSD post, I touched a bit on some issues I was having with Firefox 13 and Flash.  My issues may or may not have been related to these, however there are some serious headaches for Firefox 13 and Flash users.

Sysadmin Stripes

  • Malware Hunting with the Sysinternals Tools -  TechEd North America 2012 \ Channel 9 - A new presentation video from Mark Russinovich on using Sysinternals Tools to do some malware thumpin! Watch streaming or pick from one of two formats for direct downloading and viewing later. This presentation includes real-case reviews as well as a live analysis of a Stuxnet infection. Sweet!
  • Windows Exploratory Surgery with Process Hacker - SANS Windows Security Blog - Jason Fossen shares PDF version of his presentation primarily using the freeware tool "Process Hacker”.  It is a really great review of the different angles one can take with a limited tool-set.

    That got me thinking a bit. Process Hacker has matured quite a lot since I last downloaded a copy and the new one certainly has more polish on it. I went through my utility pile and offer below some other great freeware utility process-monitoring tools you may be interested in visiting again.
    • Process Explorer - Sysinternals - One ring to rule them all. Still the very first utility I place on my Windows systems and swap out the default Task-Manager with. It continues to be upgraded so if you haven’t got the latest version for a while, you are missing out!
    • System Explorer - This one also has grown up quite a bit from my last download a few years ago. I like the tabbed interface. The “Performance View” tab is very neat. Process Explorer’s graphs are still a bit more detailed looking but it doesn’t provide an all-in-one dashboard view like System Explorer offers.

      rr3vncbu.y40
    • Daphne - Not as GUI pretty as the others, but what it lacks in pretty it more than makes up in back-to-basics tightness.
    • Process Viewer for Windows - This project hasn’t been updated in a while but again, the “latest” update was still fresher than the one I’ve been carrying around for quite a while. This one is a bit more feature basic. If you aren’t ready for the power of some of these other process utility tools, but need more detail than the default Windows Task Manager (at least in XP) then this may be a friendly choice.
    • ProcessActivityView and  ProcessThreadsView - These two application from NirSoft compliment each other nicely.
    • NoVirusThanks EXE Radar Pro - Provides process monitoring and alerting as well as to kill processes on demand.
    • ESET SysInspector - This is a complex, single-file-executable. It provides detailed information on running processes as well heuristics reporting on items found. I find it particularly helpful in assessing a system. It may not tell me exactly what is going on, but it often will help be refine my focus a bit.
  • WHITEPAPER: Windows PowerShell 3.0 and Server Manager Quick Reference Guides - Kurt Shintaku's Blog

I learned this week about a “honeypot” project that attempts to capture USB-seeking virus/malware by creating a virtual USB-drive honeypot. This is a cool project and I hope it continues to see success in development.

More interesting tips for admins…

Network Knitted

  • ARP Scans - A Ping Alternative - LoveMyTool blog video presentation by Tony Fortunato.What’s really going on the wire with Colasoft MAC Scanner Free.
  • Script to resolve hostnames to IP address - Computer Security Forum. Recently I was presented with a massive list of Hostnames for PC’s on our network. The assignment was quite simple, provide the associated IP addresses.  No problem, I could manually ping each one by hostname, copy the result (if alive) and paste into my spreadsheet. Well, no. I wanted to go home to my family that night. Instead I found and ran this nice simple script against a cleaned up text-file of the Hostnames. My success ratio for IP grabs was over 90%. The other 10% required some manual followup (systems turned off, shelved, etc.) but it made quick work. I wasn’t able to find a good free GUI-based alternative, but this did the job wonderfully.
  • Extracting DNS queries - NETRESEC Blog - Either by Tshark or NetworkMiner.

Utility Dotted

Foresensically Checked

Cheers!

--Claus V.

1 comment:

DaveN said...

KickA$$ Feed of Digital Bits. TYVM Claus