Security Basics mailing list archives
Re: What files to watch??
From: H Carvey <keydet89 () yahoo com>
Date: 21 May 2003 17:12:02 -0000
In-Reply-To: <Law15-F100zGNsokLQ800000f5e () hotmail com>

Chris,

> Lacking funds and a GPL alternative, I went ahead and wrote a
> scanner using perl and the Digest::Md5 module.
I'd like to applaud your initiative. I've done the same, and have written some pretty cool monitoring and analysis tools, in Perl for the Win32 systems.
> Anyone have a good idea on how to get it to produce more usable detections?
Well, that really sort of depends on your infrastructure, policies, etc., doesn't it? However, here are some things you might consider:

1. Malware tends to target files in %WINDIR%, as well as the system32 directory.

2. Something to add to the monitoring program might be checking of the contents of the Run key, as well as others.

3. You might consider explicitly looking at application files, such as those located in the Program Files directory.

HTH,

Harlan
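A baseline-and-compare scanner along the lines of the three suggestions above, added here as an illustration and not code from the thread or from either poster: it hashes the files under %WINDIR%, system32 and Program Files, reads the HKLM Run key, and reports what was added, removed or changed between two runs, using the same diff for file digests and Run values. WATCH_DIRS and the Run key path are assumptions about a standard Windows install; the demo function builds a constructed directory tree so the comparison runs on any platform.

```python
import hashlib
import os
import tempfile
from pathlib import Path
# Defaults from the reply: %WINDIR%, its system32 subdirectory, Program Files and the
# HKLM Run key. Assumption: the environment variables are set, as on any Windows host.
WINDIR = os.environ.get("WINDIR", r"C:\Windows")
WATCH_DIRS = [WINDIR, os.path.join(WINDIR, "system32"),
              os.environ.get("ProgramFiles", r"C:\Program Files")]

def hash_file(path, chunk=65536):
    h = hashlib.md5()  # matches the Digest::MD5 scanner; prefer sha256 for new deployments
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(dirs):
    """Map every regular file under dirs to its digest; unreadable files are skipped."""
    digests = {}
    for p in (p for d in dirs for p in Path(d).rglob("*") if p.is_file()):
        try:
            digests[str(p)] = hash_file(p)
        except OSError:
            pass  # a locked or access-denied file must not abort the whole scan
    return digests

def run_key_values():
    """Name -> command for each value under HKLM\\...\\Run; {} where winreg is absent."""
    try:
        import winreg
    except ImportError:
        return {}
    key_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        count = winreg.QueryInfoKey(key)[1]  # (subkeys, values, last_write)
        return dict(winreg.EnumValue(key, i)[:2] for i in range(count))

def diff(old, new):
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k])}

def demo_on_temp_dir():
    # Constructed scenario: baseline a small tree, then modify, add and delete files.
    root = Path(tempfile.mkdtemp())
    (root / "sys").mkdir()
    for name, data in [("sys/a.dll", b"original"), ("sys/b.dll", b"same"), ("stale.exe", b"old")]:
        (root / name).write_bytes(data)
    before = snapshot([root])
    (root / "sys" / "a.dll").write_bytes(b"patched")  # changed in place
    (root / "dropper.exe").write_bytes(b"new")        # dropped into the tree
    (root / "stale.exe").unlink()                     # deleted
    report = diff(before, snapshot([root]))
    return {k: [Path(p).name for p in v] for k, v in report.items()}
```

On a live host, persist snapshot(WATCH_DIRS) and run_key_values() after a known-good build and diff each later run against them; a new Run value or a changed digest under system32 is the kind of detection the question asks for.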