Honeypots mailing list archives
Re: Registry and File Monitoring Programs for Windows Honeypots
From: Floydman <floydman () iquebec com>
Date: Mon, 01 Sep 2003 05:28:52 -0400
Hello Eric.
Not quite exactly what you asked for, but you may find these useful as well. I hope they are of some help for your honeypot.
ComLog : it is a command prompt keylogger that wraps around cmd.exe. Besides keeping track of file and registry changes, you may find a history of commands very useful. Also, this will work even if the connection is encrypted on the wire.
LogAgent : Real-time logfile monitoring tool. You can use it to keep an eye on ComLog's files, monitor the Events from the Event Viewer, or just any ASCII log file you may think of (I must however mention the exception of MS-IIS).
You can find these at http://securit.iquebec.com
Floydman
At 06:47 PM 29/08/2003, Hines, Eric wrote:
List:
I am building a Windows honeypot and am very interested to hear what sort of software programs some of you might be using to monitor registry and file changes. Sure, sure, I know there is regmon and filemon, but I use those more for when I'm sitting in front of the machine and purposely executing a worm to see what registry entries and files it creates or changes. Are all of you just using regmon or filemon and logging to a file?
Eric Hines
=============================================
Eric Hines
Senior Intrusion Analyst
Allstate Information Security
---------------------------------------------
[e] ehin4 () allstate com
[c] (847) 830-2883
[a] 1075818 () skytel com
---------------------------------------------
3075 Sanders Road
Suite G2E
Northbrook, IL 60062
=============================================
Current thread:
- Registry and File Monitoring Programs for Windows Honeypots Hines, Eric (Aug 30)
- Re: Registry and File Monitoring Programs for Windows Honeypots Michael A. Davis (Aug 30)
- RE: Registry and File Monitoring Programs for Windows Honeypots Larry Seltzer (Aug 30)
- RE: Registry and File Monitoring Programs for Windows Honeypots Harry Hoffman (Aug 30)
- RE: Registry and File Monitoring Programs for Windows Honeypots Mark E. Donaldson (Aug 31)
- Re: Registry and File Monitoring Programs for Windows Honeypots Chris Brenton (Aug 31)
- Re: Registry and File Monitoring Programs for Windows Honeypots Randy Welborn (Aug 31)
- RE: Registry and File Monitoring Programs for Windows Honeypots David Maynor (Aug 31)
- Re: Registry and File Monitoring Programs for Windows Honeypots Chris Brenton (Aug 31)
- RE: [inbox] Registry and File Monitoring Programs for Windows Honeypots Curt Purdy (Aug 31)
- <Possible follow-ups>
- Re: Registry and File Monitoring Programs for Windows Honeypots Floydman (Sep 01)