About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly […]
In working with OSSEC agentless for some time now I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to preform
syscheck functions on remote hosts, more general features are hard (if not impossible) to write into a script. This post will demonstrate an alternative for adding additional features to the OSSEC standard build.
OSSEC is a Host Intrusion detection system (HIDS) in name, but in reality it is far more. It’s able to look for rootkits, monitor logs (LIDS), and even actively respond to defined events. While all these features are great the unsung hero is agentless monitoring.
I’m always a fan of more queries and peaks at what is going on in my AD domain, especially at what is happening on the workstations. I was working on some WMI queries to get information about network interfaces using the Win32_NetworkAdapterConfiguration class, and thought about promqry.exe. Promqry is a tool provided by Microsoft to […]
Scheduled tasks are plentiful in most environments. Managing them is typically a nightmare. You have some running to truncate and copy off logs someplace, or others to run a proprietary backup utility to dump a copy of your Quickbooks data; whatever the reason, over time there are more and they are everywhere. Typically, you want […]