1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Built-in Windows commands to determine if a system has been hacked

Discussion in 'Computer Security' started by Mitzs, Mar 12, 2008.

  1. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,282
    73
    152
    http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1303709,00.html
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  2. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Nice article. To bad they did not screen it better for errors.

    For example:

    The [N] here is an integer, indicating that WMIC should run the given command every [N] seconds. That way, users can look for changes in the settings of the system over time, allowing careful scrutiny of the output. Using this function to pull a process summary every 5 seconds, users could run:
    C:\> wmic process list brief /every:1
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  3. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,282
    73
    152
    Tinus, you should send them an email shairing that with them. You never know.
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  4. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    The only problem with those tools is that if your computer has been rootkitted those tools can't be trusted as they rely on the system itself to report to them. If the system has been rootkitted it will lie to the tools, and the output from the tools will therefore be useless.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. S0l5

    S0l5 Bit Poster

    39
    0
    2
    Isnt that the same for Linux?
     
  6. csx

    csx Megabyte Poster

    511
    6
    81
    Interesting article! thanks :thumbleft
     
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  7. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Yup. Once any system is rootkitted it's completely unreliable, so putting forth tools that rely on the system to be truthful when a system has been hacked is at best a very iffy proposition.

    That's why Linux tools include tools that run from a cd to check binaries, and system settings. That way they don't depend on the compromised system to check itself.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Will do.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  9. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Mitzs, are you a member there? I can't find a link to respond to that article. Could you do me the favor?
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  10. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    4,140
    58
    214
    Well done Mitzs - that's an interesting article:thumbleft
     
    Certifications: Comptia A+
    WIP: Comptia N+

Share This Page

Loading...