Post break-in forensics
From: Alfred Huger (ah@securityfocus.com)
Date: 03/24/03
Date: Mon, 24 Mar 2003 09:14:00 -0700 (MST)
From: Alfred Huger <ah@securityfocus.com>
To: pen-test@securityfocus.com

Hey Folks,

IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot
by Alan Neville

This paper will deconstruct the steps taken to conduct a full analysis of
a compromised machine. In particular, we will be examining the tool that
was used to exploit a dtspcd buffer overflow vulnerability, which allows
remote root access to the system. The objective of this paper is to show
the value of IDS logs in conducting forensics investigations.

http://www.securityfocus.com/infocus/1676

Alfred Huger
Symantec Corp.