Security Basics mailing list archives
Re: Analyzing Suspicious Attachment
From: zenmasterbob123 () gmail com
Date: 17 Jan 2008 19:35:11 -0000
I can't agree strongly enough with this course of action. There is really no more effective way of knowing what your little intruder is going to do than to put it on a replica of a production machine, on an isolated network segment, and then do what an undereducated user would do (i.e., double-click the file). Turn on all the logging you can stand, and watch what happens. Not only does it give you some information about the attack (and possibly your attacker, if it wasn't random), but it gives you a great visual aid the next time you run a user education event.