Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Post break-in forensics

From: Alfred Huger <ah () securityfocus com>
Date: Mon, 24 Mar 2003 09:14:00 -0700 (MST)

Hey Folks,

IDS Logs in Forensics Investigations: An Analysis of a Compromised
Honeypot
by Alan Neville

This paper will deconstruct the steps taken to conduct a full analysis of
a compromised machine. In particular, we will be examining the tool that
was used to exploit a dtspcd buffer overflow vulnerability, which allows
remote root access to the system. The objective of this paper is to show
the value of IDS logs in conducting forensics investigations.

http://www.securityfocus.com/infocus/1676

Alfred Huger
Symantec Corp.


----------------------------------------------------------------------------
Did you know that you have VNC running on your network? 
Your hacker does. Plug your security holes now! 
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html
Previous By Date Next
Previous By Thread Next

Current thread: