Re: Conficker - your opion on how to determine the source of infection on a given network



On Thu, Aug 13, 2009 at 1:55 PM, Tiflin, Conrad (ZA - Cape
Town)<ctiflin@xxxxxxxxxxxxxx> wrote:
Quick Question to all.

Anyone else have better ideas to determine the source computer on a network from which conficker originated?


./CT

AntiVirus detection logs. TrendMicro servers at the job provide
historical data so that we may determine infection origins. Then a
forensic analysis of the box tells of how/where the virus was
obtained.

-Guy

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: IP secondary network visualization tool?
    ... IP secondary network visualization tool? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full ...
    (Pen-Test)
  • Re: WiFi sniffing need to be connected?
    ... I think it depends on which client you are trying to sniff. ... on wifi then if you put your card in promiscous mode you should be ... that network. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: run nmap automatically from index.html (??)
    ... determine if unauthorized equipment is attached to the network. ... For nmap to accomplish this, it needs to be on the same ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • RE: Internal Penetration Testing
    ... I use the same ones that I use to test the perimeter systems of our network. ... Subject: Internal Penetration Testing ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • Re: Profiling a Networks Infrastructure
    ... You can do banner grabbing using nmap or some such but that is only as ... resides on the Network. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)