Security Toolkit for dummies

> I am currently working on a (free)toolkit to pass down to Tier 3 and  
> Tier 2
> to be used in the event of a breach/infection or suspected breach/
> infection.
> In a nutshell I want to give them some tools to use to gain further
> information about the system and processes and/or malicious tools  
> running on
> it. This toolkit is designed for a Windows desktop and Server  
> environment. I
> am looking at building out tools that are fairly easy to use and do  
> not
> require much training. Currently I have the following tools on it:
>
> (SysInternal tools)
> Autoruns
> PortMon
> Process Explorer
> Process Monitor
> Ps Tools
> Logon Sessions
>
> Other tools:
> Adaware
>
>
> Is there anything else folks out there are using to provide their  
> lower
> level support guys with some tools for informational gathering
> purposes....the tools have to run offline as systems are removed in  
> the
> event of a breach or infection...I am not looking for a full blown  
> forensics
> kit, just something I can train folks unfamiliar with tool fairly  
> quickly...
>
>
> ---
> ---------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs  
> an SSL certificate.  We look at how SSL works, how it benefits your  
> company and how your customers can tell if a site is secure. You  
> will find out how to test, purchase, install and use a thawte  
> Digital Certificate on your Apache web server. Throughout, best  
> practices for set-up are highlighted to help you ensure efficient  
> ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ---
> ---------------------------------------------------------------------
>

> I am currently working on a (free)toolkit to pass down to Tier 3 and  
> Tier 2
> to be used in the event of a breach/infection or suspected breach/
> infection.
> In a nutshell I want to give them some tools to use to gain further
> information about the system and processes and/or malicious tools  
> running on
> it. This toolkit is designed for a Windows desktop and Server  
> environment. I
> am looking at building out tools that are fairly easy to use and do  
> not
> require much training. Currently I have the following tools on it:
>
> (SysInternal tools)
> Autoruns
> PortMon
> Process Explorer
> Process Monitor
> Ps Tools
> Logon Sessions
>
> Other tools:
> Adaware
>
>
> Is there anything else folks out there are using to provide their  
> lower
> level support guys with some tools for informational gathering
> purposes....the tools have to run offline as systems are removed in  
> the
> event of a breach or infection...I am not looking for a full blown  
> forensics
> kit, just something I can train folks unfamiliar with tool fairly  
> quickly...
>
>
> ---
> ---------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs  
> an SSL certificate.  We look at how SSL works, how it benefits your  
> company and how your customers can tell if a site is secure. You  
> will find out how to test, purchase, install and use a thawte  
> Digital Certificate on your Apache web server. Throughout, best  
> practices for set-up are highlighted to help you ensure efficient  
> ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ---
> ---------------------------------------------------------------------
>

> >-----Original Message-----
> >From: listbounce@... [mailto:listbounce@...]
> >On Behalf Of exzactly
> >Sent: Thursday, November 05, 2009 4:27 AM
> >To: security-basics@...
> >Subject: Security Toolkit for dummies
> >
> >I am currently working on a (free)toolkit to pass down to Tier 3 and Tier
> >2
> >to be used in the event of a breach/infection or suspected
> >breach/infection.
> >In a nutshell I want to give them some tools to use to gain further
> >information about the system and processes and/or malicious tools running
> >on
> >it. This toolkit is designed for a Windows desktop and Server
> >environment. I
> >am looking at building out tools that are fairly easy to use and do not
> >require much training. Currently I have the following tools on it:
> >
> > (SysInternal tools)
> >Autoruns
> >PortMon
> >Process Explorer
> >Process Monitor
> >Ps Tools
> >Logon Sessions
> >
> >Other tools:
> >Adaware
> >
> >
> >Is there anything else folks out there are using to provide their lower
> >level support guys with some tools for informational gathering
> >purposes....the tools have to run offline as systems are removed in the
> >event of a breach or infection...I am not looking for a full blown
> >forensics
> >kit, just something I can train folks unfamiliar with tool fairly
> >quickly...
> >
> >
> >------------------------------------------------------------------------
> >Securing Apache Web Server with thawte Digital Certificate
> >In this guide we examine the importance of Apache-SSL and who needs an
> >SSL certificate.  We look at how SSL works, how it benefits your company
> >and how your customers can tell if a site is secure. You will find out
> >how to test, purchase, install and use a thawte Digital Certificate on
> >your Apache web server. Throughout, best practices for set-up are
> >highlighted to help you ensure efficient ongoing management of your
> >encryption keys and digital certificates.
> >
> >http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f
> >727d1
> >------------------------------------------------------------------------

> I am currently working on a (free)toolkit to pass down to Tier 3 and Tier 2
> to be used in the event of a breach/infection or suspected breach/infection.
> In a nutshell I want to give them some tools to use to gain further
> information about the system and processes and/or malicious tools running on
> it. This toolkit is designed for a Windows desktop and Server environment. I
> am looking at building out tools that are fairly easy to use and do not
> require much training. Currently I have the following tools on it:
>
> (SysInternal tools)
> Autoruns
> PortMon
> Process Explorer
> Process Monitor
> Ps Tools
> Logon Sessions
>
> Other tools:
> Adaware
>
>
> Is there anything else folks out there are using to provide their lower
> level support guys with some tools for informational gathering
> purposes....the tools have to run offline as systems are removed in the
> event of a breach or infection...I am not looking for a full blown forensics
> kit, just something I can train folks unfamiliar with tool fairly quickly...
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

> I use most of the tools which are mentioned below.
> These are some of the tools which I use but do not see in this thread-
>
> LSPFix (a broken one can render an Internet connection dead to the
> world)
> GMER (detects all rootkits and rogue programs)
> Asquared-free (a good antispyware with GUI and commandline scanner)
> Ccleaner (CCleaner is a freeware system optimization, privacy and
> cleaning tool. It removes unused files from your system - allowing
> Windows to run faster and freeing up valuable hard disk space. It also
> cleans traces of your online activities such as your Internet history.
> Additionally it contains a fully featured registry cleaner). This tool
> supports cleanup of all browsers with windows 7 compatibility
>
> -Anshuman
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On Behalf Of Jay Vlavianos
> Sent: Tuesday, November 10, 2009 12:11 AM
> To: 'jacob@...'; 'exzactly';
> security-basics@...
> Subject: RE: Security Toolkit for dummies
>
> In addition to the other tools mentioned, I send my tech's out with a
> bootable USB-Key with Kapersky Rescue for anti-virus scanning.  It is
> slow but takes updates from the server in ram-disk.  The more advanced
> tech's also get a copy of the Ultimate Boot CD on CD/USB key as well.
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On Behalf Of Jacob
> Sent: Thursday, November 05, 2009 10:49 AM
> To: 'exzactly'; security-basics@...
> Subject: RE: Security Toolkit for dummies
>
> Other Ideas...
>
> FileMon
> RegMon
> Malwarebytes
> RootKit Revealer
> HijackThis
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On
> Behalf Of exzactly
> Sent: Wednesday, November 04, 2009 10:27 AM
> To: security-basics@...
> Subject: Security Toolkit for dummies
>
> I am currently working on a (free)toolkit to pass down to Tier 3 and
> Tier 2
> to be used in the event of a breach/infection or suspected
> breach/infection.
>
> In a nutshell I want to give them some tools to use to gain further
> information about the system and processes and/or malicious tools
> running on
>
> it. This toolkit is designed for a Windows desktop and Server
> environment. I
>
> am looking at building out tools that are fairly easy to use and do not
> require much training. Currently I have the following tools on it:
>
>  (SysInternal tools)
> Autoruns
> PortMon
> Process Explorer
> Process Monitor
> Ps Tools
> Logon Sessions
>
> Other tools:
> Adaware
>
>
> Is there anything else folks out there are using to provide their lower
> level support guys with some tools for informational gathering
> purposes....the tools have to run offline as systems are removed in the
> event of a breach or infection...I am not looking for a full blown
> forensics
>
> kit, just something I can train folks unfamiliar with tool fairly
> quickly...
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how
> your customers can tell if a site is secure. You will find out how to
> test,
> purchase, install and use a thawte Digital Certificate on your Apache
> web
> server. Throughout, best practices for set-up are highlighted to help
> you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727
> d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out
> how to test, purchase, install and use a thawte Digital Certificate on
> your Apache web server. Throughout, best practices for set-up are
> highlighted to help you ensure efficient ongoing management of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out
> how to test, purchase, install and use a thawte Digital Certificate on
> your Apache web server. Throughout, best practices for set-up are
> highlighted to help you ensure efficient ongoing management of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727d1
> ------------------------------------------------------------------------
>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment."
> www.cybage.com
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

> I use most of the tools which are mentioned below.
> These are some of the tools which I use but do not see in this thread-
>
> LSPFix (a broken one can render an Internet connection dead to the
> world)
> GMER (detects all rootkits and rogue programs)
> Asquared-free (a good antispyware with GUI and commandline scanner)
> Ccleaner (CCleaner is a freeware system optimization, privacy and
> cleaning tool. It removes unused files from your system - allowing
> Windows to run faster and freeing up valuable hard disk space. It also
> cleans traces of your online activities such as your Internet history.
> Additionally it contains a fully featured registry cleaner). This tool
> supports cleanup of all browsers with windows 7 compatibility
>
> -Anshuman
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On Behalf Of Jay Vlavianos
> Sent: Tuesday, November 10, 2009 12:11 AM
> To: 'jacob@...'; 'exzactly';
> security-basics@...
> Subject: RE: Security Toolkit for dummies
>
> In addition to the other tools mentioned, I send my tech's out with a
> bootable USB-Key with Kapersky Rescue for anti-virus scanning.  It is
> slow but takes updates from the server in ram-disk.  The more advanced
> tech's also get a copy of the Ultimate Boot CD on CD/USB key as well.
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On Behalf Of Jacob
> Sent: Thursday, November 05, 2009 10:49 AM
> To: 'exzactly'; security-basics@...
> Subject: RE: Security Toolkit for dummies
>
> Other Ideas...
>
> FileMon
> RegMon
> Malwarebytes
> RootKit Revealer
> HijackThis
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On
> Behalf Of exzactly
> Sent: Wednesday, November 04, 2009 10:27 AM
> To: security-basics@...
> Subject: Security Toolkit for dummies
>
> I am currently working on a (free)toolkit to pass down to Tier 3 and
> Tier 2
> to be used in the event of a breach/infection or suspected
> breach/infection.
>
> In a nutshell I want to give them some tools to use to gain further
> information about the system and processes and/or malicious tools
> running on
>
> it. This toolkit is designed for a Windows desktop and Server
> environment. I
>
> am looking at building out tools that are fairly easy to use and do not
> require much training. Currently I have the following tools on it:
>
> (SysInternal tools)
> Autoruns
> PortMon
> Process Explorer
> Process Monitor
> Ps Tools
> Logon Sessions
>
> Other tools:
> Adaware
>
>
> Is there anything else folks out there are using to provide their lower
> level support guys with some tools for informational gathering
> purposes....the tools have to run offline as systems are removed in the
> event of a breach or infection...I am not looking for a full blown
> forensics
>
> kit, just something I can train folks unfamiliar with tool fairly
> quickly...
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how
> your customers can tell if a site is secure. You will find out how to
> test,
> purchase, install and use a thawte Digital Certificate on your Apache
> web
> server. Throughout, best practices for set-up are highlighted to help
> you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727
> d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out
> how to test, purchase, install and use a thawte Digital Certificate on
> your Apache web server. Throughout, best practices for set-up are
> highlighted to help you ensure efficient ongoing management of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out
> how to test, purchase, install and use a thawte Digital Certificate on
> your Apache web server. Throughout, best practices for set-up are
> highlighted to help you ensure efficient ongoing management of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727d1
> ------------------------------------------------------------------------
>
>
> "Legal Disclaimer: This electronic message and all contents contain
> information from Cybage Software Private Limited which may be privileged,
> confidential, or otherwise protected from disclosure. The information is
> intended to be for the addressee(s) only. If you are not an addressee, any
> disclosure, copy, distribution, or use of the contents of this message is
> strictly prohibited. If you have received this electronic message in error
> please notify the sender by reply e-mail to and destroy the original
> message and all copies. Cybage has taken every reasonable precaution to
> minimize the risk of malicious content in the mail, but is not liable for
> any damage you may sustain as a result of any malicious content in this
> e-mail. You should carry out your own malicious content checks before
> opening the e-mail or attachment."
> www.cybage.com
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your
> Apache web server. Throughout, best practices for set-up are highlighted
> to help you ensure efficient ongoing management of your encryption keys
> and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

> Probably for the same reason it was removed as a torrent from various
> sites - it is deemed too hot to deal with at the moment.
>
> Considering it is one of the only software packages out there that was
> completely designed for LEOs, it stands to reason that people fear M$
> legal/cop smack down.
>
> Why get the BSA involved for piracy when you can just let the LEOs you
> create it for own the case?  Even reporting that you reviewed it is an
> admission of guilt.
>
> -Jay
>
> On Nov 12, 2009, at 4:27 PM, "n3td3v" <xploitable@...> wrote:
>
>> On Tue, Nov 10, 2009 at 4:47 PM, xgermx <xgermx@...> wrote:
>>> Not to mention Microsoft COFEE now that it's been leaked
>>>
>>
>> Funny you say that, there was a news article on the frontpage of
>> Securityfocus about that by Robert Lemos which has now been removed.
>> Anybody know why?
>