Re: They got me!!!



Hi

Helix will give you a start
http://www.e-fense.com/helix/

cheers
Ivan

On 5 Apr 2006 16:23:33 -0000, pentesticle@xxxxxxxxx
<pentesticle@xxxxxxxxx> wrote:
Hey list!!!

My kids left their puter on while I was away on vacation and some
loverly person managed to gain access to the puter. Unfortunately I was on
vacation so had all of my systems off except the one the kids turned
back on, so my sniffer was off as well.

I don't know much from the forensics side of the house as I mainly
perform audits and such, so was hoping I could get some insight as where to
start and tools to use to find everything that was done to the
computer.

My AV software picked up a trojan, but figure it was after the fact and
is still resident on the system. It almost appears that they accessed
hotmail and picked up files from a mailbox. (sure wish my sniffer would
have been on :( ) The local Symantec firewall is being bypassed and most
of the services won't start. Term Svcs among others has been set to
manual but starts up automatically with Windows (I had it disabled before)
and will not allow me to stop the service. I keep the system up to date
with patches and AV signatures and use 25 char passwords with
fingerprint scanners for the kids to use, so am not certain what they used to
exploit, but given time anything can be broken. My fingerprint scanner
doesn't show any failed logon attempts while we were gone but the
security logs show numerous failed attempts by all of the accounts so assuming
they are trying to remotely access the PC. I'm thinking they gained
access to the account that was currently logged in as it shows that
particular account's privileges were escalated in the log files
several times then shortly after it shows the system account making
changes to the system.

Anyway, if someone could recommend where to start and what tools I
should use, I guess this will begin my forensics career and OJT...

Much appreciated :)



