IIR

Syndicate

Projects

mirrored Conference materials

BinVis

Git projects

Shared notes

Search

Flattr

If you like this, you can use flattr. ;)

Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de

Similar entries

Recent blog posts

wishinet: checking out GDB with Dtrace support for OS X... (1.9.2). Should be interesting.
wishinet: RT @bfoo: Worth reading: http://merbist.com/2010/08/22/discussion-with-a-java-switcher/
wishinet: nächstes Jahr Taikai in Nürnberg (http://www.taikai.de/) - und nu aus Nürnberg total groggy in die Falle! ;)

Links

UnprotectedHex - about formal software verification
Sean's blog

Xecurity - a security feed collecter
Reddit RCE group

Freedom To Tinker
Emergent Chaos

Woodmann RCE forums
OpenRCE community forums

SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics

Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog

Centralops
Serversniff

Mon, 07/21/2008 - 15:18 | wishi

txtWhat's the first thing to do if any unexpected incident occurs? NO not plugging out the network cable. Only morons do this. Collect information.

I found a nifty tool while surfing around:

Nigilant32 is an incident response tool designed to capture as much information as possible from a running system with the smallest potential impact. Nigilant32 has been developed with Windows 2000, XP, and 2003 in mind, and should work fine with computers running one of those operating systems. Nigilant32 is beta software and may not work in all instances.

So this is for reversing information about how a (compromised) environment behaves and why. Just for getting the causal chain working.

Seems to be small, lightweight, and now my Windows 2k is glad to have it in a folder.

Yes, it's proprietary, it's not OpenSource, it's not ready jet, and it's a beta. Maybe that's the reason why it's for free atm? :)

wishi's blog |

1+[encrypted]+#b94+ |

txt

Post new comment

Your name:

E-mail:

The content of this field is kept private and will not be shown publicly.

Homepage:

Comment: *

Input format

Filtered HTML

Web page addresses and e-mail addresses turn into links automatically.
Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
Lines and paragraphs break automatically.
You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
Information indicating specific htmLawed (X)HTML filter/purifier settings in effect, which may depend on the content-type, will be shown where appropriate.
Twitter-style @usersnames are linked to their Twitter account pages.
Twitter-style #hashtags are linked to search.twitter.com.

Full HTML

Web page addresses and e-mail addresses turn into links automatically.
Lines and paragraphs break automatically.
You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
Information indicating specific htmLawed (X)HTML filter/purifier settings in effect, which may depend on the content-type, will be shown where appropriate.

More information about formatting options

CAPTCHA

This question is for testing whether you are a human visitor and to prevent automated spam submissions.

Egglue Powered

crazylazy.info

Syndicate

Projects

Search

Flattr

Imprint

Similar entries

Recent blog posts

wishi's Twitter

Navigation

Links

IIR

Post new comment

Save the nature. Don't print this!

Datenerfassung