Security Basics mailing list archives

Re: tools to run on compromised linux box


From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Wed, 6 Aug 2008 19:46:40 +0530

Hi Lister,

Since the Linux machine is already compromised, it's recommended to
boot into an alternate operating system and start investigating the
compromised system. There are many Bootable Forensics CDs out in the
market; one of the most popular of them is HELIX.

Besides this, NII Consulting has developed an open source tool named
'LINReS', which is used to perform Live incident response of a
compromised Linux machine. LINReS is basically a software/tool in
which all the useful Linux commands (such as netstat, netcat, lsof,
dir, ls, ps etc.) are statically compiled and packed in an archive.
Hence a forensic investigator can easily rely on LINReS, since you
may never know if the commands/binaries of the compromised Linux
machine have been replaced by a hacker, i.e. rootkitted.

More Information:

Helix: http://www.e-fense.com/helix/downloads.php

LINReS: http://www.niiconsulting.com/innovation/linres.html

Best of Luck!!

---
Nikhil Wagholikar
Practice Lead | Security Assessment
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html



On Wed, Aug 6, 2008 at 5:20 AM, <lister () lihim org> wrote:

Can anyone recommend some tools to run on a compromised linux
box to determine if there is further infestation? (rootkits, etc).

