Honeypots mailing list archives

RE: [inbox] Registry and File Monitoring Programs for Windows Honeypots


From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 31 Aug 2003 15:15:33 -0500

Check out filemon and regmon from sysinternals.  They do real-time
monitoring of changes in both.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke



-----Original Message-----
From: Hines, Eric [mailto:ehin4 () allstate com]
Sent: Friday, August 29, 2003 5:47 PM
To: honeypots () securityfocus com
Subject: [inbox] Registry and File Monitoring Programs for Windows
Honeypots


List:

I am building a Windows honeypot and am very interested to hear what sort
of software programs some of you might be using to monitor registry and
file changes. Sure, sure, I know there is regmon and filemon, but I use
those more for when I'm sitting in front of the machine and purposely
executing a worm to see what registry entries and files it creates or
changes. Are all of you just using regmon or filemon and logging to a file? 

Eric Hines

=============================================
Eric Hines
Senior Intrusion Analyst 
Allstate Information Security
---------------------------------------------
[e] ehin4 () allstate com
[c] (847) 830-2883
[a] 1075818 () skytel com
---------------------------------------------
3075 Sanders Road
Suite G2E
Northbrook, IL 60062
=============================================


