Built-in Windows commands to determine if a system has been hacked

Discussion in 'Computer Security' started by Mitzs, Mar 12, 2008.

  1. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1303709,00.html
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  2. Tinus1959

    Tinus1959 Gigabyte Poster

    Nice article. Too bad they did not screen it better for errors.

    For example:

    The [N] here is an integer, indicating that WMIC should run the given command every [N] seconds. That way, users can look for changes in the settings of the system over time, allowing careful scrutiny of the output. Using this function to pull a process summary every 5 seconds, users could run:
    C:\> wmic process list brief /every:1
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
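    The article's `wmic process list brief /every:N` idea, as an added PowerShell example (not from the article or this thread), that polls the process list at an interval and reports only what changed between snapshots; it assumes `Get-CimInstance` is available (PowerShell 3.0 or later) and that the interval and round count are the constructed defaults below.

    ```powershell
    # Added example: snapshot the process list every $IntervalSeconds seconds,
    # much like "wmic process list brief /every:N", but print only the
    # differences so new or vanished processes are easy to spot over time.
    param(
        [int]$IntervalSeconds = 5,   # assumed default, matches the article's "every 5 seconds"
        [int]$Rounds = 12            # 0 = keep polling until Ctrl+C
    )

    function Get-ProcessSnapshot {
        # Key on PID; keep name, parent PID and image path for each process.
        $snap = @{}
        Get-CimInstance -ClassName Win32_Process | ForEach-Object {
            $snap[[int]$_.ProcessId] = [pscustomobject]@{
                Name     = $_.Name
                ParentId = $_.ParentProcessId
                Path     = $_.ExecutablePath
            }
        }
        return $snap
    }

    function Compare-ProcessSnapshot {
        param([hashtable]$Before, [hashtable]$After)
        # Processes present now but not in the previous snapshot.
        foreach ($id in $After.Keys) {
            if (-not $Before.ContainsKey($id)) {
                $p = $After[$id]
                "{0:HH:mm:ss} STARTED pid={1} ppid={2} {3} [{4}]" -f (Get-Date), $id, $p.ParentId, $p.Name, $p.Path
            }
        }
        # Processes that were in the previous snapshot but have gone.
        foreach ($id in $Before.Keys) {
            if (-not $After.ContainsKey($id)) {
                "{0:HH:mm:ss} EXITED  pid={1} {2}" -f (Get-Date), $id, $Before[$id].Name
            }
        }
    }

    $previous = Get-ProcessSnapshot
    "Baseline: $($previous.Count) processes; polling every $IntervalSeconds s"
    $i = 0
    while ($Rounds -eq 0 -or $i -lt $Rounds) {
        Start-Sleep -Seconds $IntervalSeconds
        $current = Get-ProcessSnapshot
        Compare-ProcessSnapshot -Before $previous -After $current
        $previous = $current
        $i++
    }
    ```

    Like the WMIC output it mirrors, this only reflects what the running system reports about itself, so it is a change-spotting aid, not a substitute for checking a suspect machine from trusted offline media.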
  3. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Tinus, you should send them an email sharing that with them. You never know.
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  4. ffreeloader

    ffreeloader Terabyte Poster

    The only problem with those tools is that if your computer has been rootkitted those tools can't be trusted as they rely on the system itself to report to them. If the system has been rootkitted it will lie to the tools, and the output from the tools will therefore be useless.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. S0l5

    S0l5 Bit Poster

    Isn't that the same for Linux?
     
  6. csx

    csx Megabyte Poster

    Interesting article! thanks :thumbleft
     
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  7. ffreeloader

    ffreeloader Terabyte Poster

    Yup. Once any system is rootkitted it's completely unreliable, so putting forth tools that rely on the system to be truthful when a system has been hacked is at best a very iffy proposition.

    That's why Linux tools include tools that run from a CD to check binaries and system settings. That way they don't depend on the compromised system to check itself.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. Tinus1959

    Tinus1959 Gigabyte Poster

    Will do.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  9. Tinus1959

    Tinus1959 Gigabyte Poster

    Mitzs, are you a member there? I can't find a link to respond to that article. Could you do me the favor?
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  10. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    Well done Mitzs - that's an interesting article :thumbleft
     
    Certifications: Comptia A+
    WIP: Comptia N+
