
May 10, 2008

To Catch a (Hacking) Intruder

Don’t miss another great article by Jimmy Ray posted on bMighty.com: To Catch a (Hacking) Intruder. This one covers some great technical (but easy to understand) detail on 4 things you need to do if you think or know you have been hacked.

1. (If you know you have been hacked) - Preserve the crime scene! How to do it without disturbing evidence and when to contact law enforcement.
2. Using Netstat to understand all the outside connections your machine is making.
3. Using the Registry to see what programs are starting up each time you start your machine. (Your Startup menu is not your friend here... fun to see what matches up and what doesn’t.)
4. Understanding the use of ADS or Alternate Data Streams (we covered this on Episode 27: Invisible Attackers). This would be the only tip JR gives that involves the use of some third-party tools. He suggests a few to try.

This is a great article and is entertaining as well as informative. Another nod to the greatness that is Jimmy Ray and of course proof once again I get to work with the smartest people at Cisco. I only have two complaints:
1. I wish JR’s articles on bMighty did a better job of linking back to our official video site at Cisco so people could find more content with and by Jimmy Ray (www.cisco.com/go/interact).
2. This was a very Windows-centric article. No mention of how to do this with a Mac. Now Jimmy Ray is as comfortable with his Mac as he is with anything else... but he is playing to the larger crowd, it looks like. Perhaps he will follow up with a blog entry here on advice for Mac users to do some of the same things he referenced in this article!?

Great Stuff Once Again my Redneck Friend!

Robb
