Programs mentioned in Windows section of GSEC

Tools for UCS’s
(Submit to Frank)


DOS:
dir, ver, winver, format, fdisk, sysinfo, mem, mode, label, list, more, sort, tracert, arp, ipconfig, winipcfg,
nbtstat, netstat -a -n, net start, net user, net group, net localgroup, Sysdiff, regdmp.exe, xcacls.exe, perms.exe,
dir c:\winnt\*.exe /s/t:c > exefiles.txt


Windows:
Scanregw, sysedit, msconfig, sfc (System File Checker), fc (file compare), Cleanup, Regedit.exe, regedt32.exe,
poledit.exe, passfilt.dll, Schedule service ("at"), dommon.exe, rasusers, raslist.exe


Resource Kits:
Tweak UI, regback.exe, regrest.exe, floplock.exe, passprop.exe, regback, dumpel.exe, netsvc.exe, adduser.exe,
sysdiff.exe, regdmp.exe, xcacls.exe, perms.exe, pstat, netsvc.exe, addusers, findgrp.exe, global.exe, local.exe


System Build and Patching:
OS CDs
OS Boot Disks
Patch and AV CD
Shavlik Enterprise Security Advisor http://www.shavlik.com/sesa.htm
Shavlik Hfnetchkpro Adminsuite http://www.shavlik.com/security/prod_as.Asp
Ghost. http://enterprisesecurity.symantec.com/products.cfm?productID=3
UltraBac http://UltraBac.com
Drive Image http://www.powerquest.com/driveimage/
Qfecheck http://microsoft.com/technet/support/kb.asp?ID=282784
PatchWork http://grc.com/pw/patchwork.htm
Microsoft Baseline Security Analyzer (Free)
HFNetChk (Free)
QChain (Free)
SUS (Windows 2000 and XP only)
Windows 2000 Group Policy (Software Installation)
Windows Installer
Microsoft Operations Manager
SMS
Advanced Hotfix Manager v3.2
Center for Internet Security's Benchmark and Scoring Tool (Free)
Daisy
Desk Top Engineer's topic listing on using Windows Installer
HFNetChkLt
Patch Link Update 3.0
PatchMeister (Free)
Security Update Manager
Service Pack Manager 2000 v6.2
Update Expert



Suggested Tools
DreamWeaver 4
Adobe Photoshop 7
McAfee AV
SSH
Web Drive
HP Jet and Web Admin
WinZip
Win Amp
Acrobat Reader


System Operation:
Pop-up Stopper www.panicware.com
Diskeeper
Karen’s Directory Printer
Eraser
Ad-Aware
Pest Patrol
SpyBot S&D
Trojan Hunter
Startup Cop http://www.pcmag.com http://www.pcmag.com/article/0,2997,s=0&a=8066,00.asp
BCWipe http://www.jetico.com/



System Operation, Advanced:
NIST-Time
AM Deadlink
Sync-IT www.sync-it.com
Cardscan www.corex.com
HeatSoft ADCS
Palm
I-Planet Sync
P-touch label printer


Backup/Disaster Recovery/Business Continuity:
ArcServe -Computer Associates
BackupExec - Veritas (formerly Seagate)
Networker - Legato
NTBackup

Remote access/Management
NetCat
VNC
PCAnyWhere
Terminal Services
Remote Desktop/Remote Administration (XP)
GoToMyPC


Administration and operations
Helpdesk software
MS Office
Password 2000
Nero CD Burning
Roxio CD Burning
MS Project
MS Visio




Security/Forensics/Incident Handling:
Snort
Sara
Nessus
Tenable
Snort-Snarf
Snare
NBTDump Null session scanner
NMap
Stat
HFNetChkLt www.Shavlik.com
Kiwi logging
Active Ports
Vision
Active monitor
Host Monitor
LanGuard
myNetWatchman
Tripwire
Quakenbush Password Appraiser http://www.quakenbush.com
LC4 (formerly L0phtCrack) http://www.atstake.com
user2sid
sid2user
Nmap http://www.insecure.org/nmap
http://www.monkey.org/~dugsong/dsniff
BootNTFS
TDS-3 anti-trojan
SuperScan4
eEye tools Retina (Code Red, Nimda, SQL, Blaster)
Panda Software virus/worm hunting tools
NTFS-DOS http://www.sysinternals.com/
NTLast http://www.foundstone.com
Centrax http://www.cybersafe.com
SystemScanner http://www.iss.net
FPort http://www.foundstone.com
Inzider http://ntsecurity.nu
Nplist www.NTObjective.com
Sfind www.NTObjective.com
Hfind www.NTObjective.com
Afind www.NTObjective.com
delguest.exe http://packetstorm.widexs.nl/NT
hfcheck.exe http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24168 (not HFNetChk)
DumpEvt, DumpACL, DumpReg http://www.somarsoft.com
NTObjectives (now Foundstone) www.foundstone.com/rdlabs/tools.php
NTOLog http://www.nttoolbox.com/download.htm
S-Tools
LinNT
http://packetstorm.linuxsecurity.com/NT
http://www.simovits.com/nyheter9902.html


Boot to another OS for access/password change:
Knoppix Linux Boot CD
NTHack floppy Linux Boot Floppy




Network:
WhatsUp Gold
Enterprise Manager
TCPDump
WinDump
Ethereal
Fluke Network Inspector
Internet Maniac
Network Spy
NetXRayNT
Network View



Wireless
Net Stumbler
Air Snort


Single workstation:
FRED, which runs some of the following

Processes running:
Task Manager or the command-line tools TList (W2K) and Tasklist (XP), (default installations of W2K and XP)
PsTools from Sysinternals at http://www.sysinternals.com
Fport from Foundstone at http://www.foundstone.com

Current system activity:
Filemon and Regmon from Sysinternals at http://www.sysinternals.com

Services and drivers:
SC.exe, Sclist.exe, and Drivers.exe, http://www.microsoft.com
Net Start and Reg.exe, (default installations of W2K and XP)

New files:
Dir /q /-c /o:d /t:a /s > filename.txt, (default installations of W2K and XP)
Forensic Toolkit from Foundstone at http://www.foundstone.com

Memory contents:
CheckSym.exe, http://www.microsoft.com

Registry:
Reg.exe, (default installations of W2K and XP)
Regdmp.exe, http://www.microsoft.com

Permissions:
Xcacls.exe, Xcacls.vbs, and Subinacl.exe, http://www.microsoft.com

Current network connections:
Netstat.exe -ano and Nbtstat.exe, (default installations of W2K and XP) (the -o switch for Netstat.exe works in XP only)
Fport from Foundstone at http://www.foundstone.com
Active Port (APort)
Vision

Network IP routes:
Netstat.exe -r and Route Print, (default installations of W2K and XP)

Shares information:
Net Share, (default installations of W2K and XP)
Srvcheck.exe, http://www.microsoft.com
DumpSec from SomarSoft at http://www.somarsoft.com
Vadump.exe, http://www.microsoft.com

Scheduled tasks:
At and Run registry keys, (default installations of W2K and XP)

Slack space:
EnCase (http://www.guidancesoftware.com/)
NTI (http://www.forensics-intl.com/tools.html)
WinHex (http://www.sf-soft.de)
Norton Utilities Disk Editor (http://www.sf-soft.de)

Sector-by-sector copy of a hard drive:
SafeBack from NTI (http://www.forensics-intl.com/safeback.html)
Norton Ghost from Symantec (only when using the -IR switch, and found at http://www.symantec.com/sabu/ghost/ghost_personal/)
EnCase (http://www.guidancesoftware.com/)
dd, a tool for forensically-sound backups.
WinDD

Posted: 9/6/2011