RE: Hackers in the House

["Don Parker" <dparker () bridonsecurity com>]

Unless I am missing something here, there was no mention of the initial way
in and how that resulted in what I assume in SYSTEM level access.

Saludos,

Don 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Alexander Bolante
Sent: Thursday, September 21, 2006 12:05 PM
To: Mark Ryan del Moral Talabis
Cc: security-basics () securityfocus com
Subject: Re: Hackers in the House

Ryan,

Very interesting, but yes, this case is a good example of typical hacker
behavior. btw The backdoor tool used - mt.exe - is a common process
registered as a backdoor vulnerability.

Thanks for sharing.
Alexander

On 9/21/06, Mark Ryan del Moral Talabis <talabis () gmail com> wrote:
> This is a step by step analysis of an actual "break-in" in one of our 
> honeypots. The case exemplifies the typical hacker methodology / 
> behaviour in the first phases of a compromise.
>
> http://www.philippinehoneynet.org/dataarchive.php?date=2006-07-24
>
> Regards,
> Ryan
>
> --
> Mark Ryan del Moral Talabis
> MS GSEC MCP PTRP
>
> The Philippine Honeynet Project
> http://www.philippinehoneynet.org
>
> ----------------------------------------------------------------------
> ----- This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has 
> designated Norwich University a center of Academic Excellence in 
> Information Security. Our program offers unparalleled Infosec 
> management education and the case study affords you unmatched consulting
experience.
> Using interactive e-Learning technology, you can earn this esteemed 
> degree, without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> -----


--
DISCLAIMER
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in Information
Security. Our program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------