SANS ISC InfoSec Handlers Diary Blog



Windows Detours

Published: 2008-05-01
Last Updated: 2008-05-02 00:57:24 UTC
by Adrien de Beaupre (Version: 1)

Another one of those Windows tools you wished you had heard about yesterday!

Ever wish you could log any call to a specific Win32 API? Enter Detours: it can hook into a process and log everything. Let's not stop there: it can intercept arbitrary function calls! Believe it or not, Detours has been around since 1999, described here and here. The official description is that Detours can instrument and extend existing operating system and application functionality. Think about it...

Cheers,
Adrien de Beaupré
Bell Canada

Thanks Robert!

Keywords: Detours Microsoft

Windows XP SteadyState

Published: 2008-05-01
Last Updated: 2008-05-02 00:56:54 UTC
by Adrien de Beaupre (Version: 1)

One of those Windows tools you wished you had heard about yesterday!

Ever wish your Windows XP computer could return to the way it was when it worked correctly? That would be great, right? We can all recall some point when a particular system worked just right. Enter a utility from Microsoft that does just that, and more than a 'System Restore'. It is called SteadyState, and it can retain a golden image and revert to that state at will. It is designed to lock down shared computers that do not have a full-time sysadmin; however, it can be used in a number of scenarios. For example, VMs are not always the environment of choice for malware researchers. URL is here.

Cheers,
Adrien de Beaupré
Bell Canada

Thanks Robert!

Keywords: Microsoft Windows xp

ISC Podcast Episode Number 3

Published: 2008-05-01
Last Updated: 2008-05-01 14:23:00 UTC
by Joel Esler (Version: 2)

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.


Update: For those of you that already grabbed it, you might want to regrab it. We had a reader write in and tell us that the audio was bad (more on that later; I'll document it on my blog below), but we fixed it now. The length of the podcast is exactly the same, and iTunes should pick up the new one because Johannes gave it a new GUID. Sorry about the inconvenience, and thanks for the feedback! But it's all fixed now.

--

Joel Esler

http://www.joelesler.net

Keywords: podcast