
SANS ISC InfoSec Handlers Diary Blog



Followup from last shift and some research to do.

Published: 2008-12-13
Last Updated: 2008-12-13 21:13:31 UTC
by Jim Clausing (Version: 1)

I asked our readers for some input during my last shift and only got 2 responses, so there wasn't much to follow up on, though see the additional links below, re: finding threads/executables (thanks to Michael and Francesco for pointing these out). I am still interested in the IPv6 tools question, so I plan to spend some time over the next month testing some of our favorite network tools in an IPv6 environment and hope to post some of my results during my next shift in Jan. If there are any tools that you like that you'd like to recommend for me to look at, let me know via our contact page in the next couple of days.

Additional reading material:

http://dvlabs.tippingpoint.com/blog/2008/11/06/mindshare-finding-executable-images-in-windbg  (by Cody Pierce)

http://www.dfrws.org/2006/proceedings/2-Schuster.pdf  (paper by Andreas Schuster)

Another tool:

http://www.nirsoft.net/utils/injected_dll.html


The continuing IE saga - workarounds

Published: 2008-12-13
Last Updated: 2008-12-13 20:36:06 UTC
by Jim Clausing (Version: 1)

For those who have been following the recent exploitation of the unpatched Internet Explorer vulnerability, Microsoft updated their security advisory 961051 yet again yesterday. They provided some clarification of the workaround suggestions. I highly recommend you read their blog post here.

Keywords: IE