Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Followup from last shift and some research to do. - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Followup from last shift and some research to do.

I asked our readers for some input during my last shift and only got 2 responses, so there wasn't much to followup on, though see the additional links below, re: finding threads/executables (thanx to Michael and Francesco for pointing these out).  I am still interested in the IPv6 tools question, so I plan to spend some time over the next month testing some of our favorite network tools in an IPv6 environment and hope to post some of my results during my next shift in Jan.  If there are any tools that you like that you'd like to recommend for me to look at, let me know via our contact page in the next couple of days.

Additional reading material:

http://dvlabs.tippingpoint.com/blog/2008/11/06/mindshare-finding-executable-images-in-windbg  (by Cody Pierce)

http://www.dfrws.org/2006/proceedings/2-Schuster.pdf  (paper by Andreas Schuster)

Another tool:

http://www.nirsoft.net/utils/injected_dll.html

Jim

400 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!