Sysinternals tools can help you see what is really going on inside your Windows systems. This article covers three scenarios:

Scanning for open network shares that users have haphazardly enabled.
Monitoring system activity during a suspected intrusion or malware infection.
Analyzing TCP sessions to determine who's talking to what and vice versa.

Be forewarned that you shouldn't jump in head first with Sysinternals tools. These tools are not for the faint of heart. They aren't difficult to use, but you may end up making Windows do more than you intended and crash your system or lose important data. I suggest you read the documentation that comes with each tool and proceed with cautious enthusiasm.

Scenario 1: Scanning for open network shares that users have haphazardly enabled

I've noticed that users often take advantage of the power of networked computers and file sharing. While this function can serve a legitimate purpose, it can be easily exploited by users with malicious intent. By using the ShareEnum tool, you can put a stop to this unnecessary sharing out of directories and files to those who don't need access. Enter an IP address range or Windows domain to scan. This tool will uncover open shares that everyone and every group has access to, similar to my findings in Figure 1.

Figure 1: Using Sysinternals' ShareEnum to enumerate open and exposed network shares.

Armed with this information, you can revoke unnecessary rights and lock down your sensitive files. If you would like to check access rights to directories, files or even registry keys on a specific system, then check out the similar AccessEnum tool.

Scenario 2: Monitoring system activity during a suspected intrusion or malware infection

Has someone or something compromised one of your Windows systems and you want to see the activity under the hood? Formal forensics methodologies aside, you can download and run Sysinternals Process Monitor, which shows you anything and everything taking place on Windows systems, from registry access to file writes to network connections and beyond, as shown in Figure 2.

Figure 2: Using Sysinternals' Process Monitor shows exactly what's going on in Windows at any given time.
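As an added example (not code from the original article or from Sysinternals), here is the same kind of share-exposure check that ShareEnum performs, written with the built-in SmbShare cmdlets so it can be scripted across a list of hosts; the host names and the list of "broad" principals are assumptions you should adapt to your environment.

```powershell
# Added example: flag SMB shares that grant access to broad principals,
# in the spirit of ShareEnum. Assumes the SmbShare module (Windows 8 /
# Server 2012 or later) and admin rights on the target hosts.
$Targets = @('FILESRV01', 'WKS-PLACEHOLDER')   # constructed sample host list
$Broad   = @('Everyone', 'Authenticated Users', 'Users', 'Domain Users', 'ANONYMOUS LOGON')

$findings = foreach ($h in $Targets) {
    try {
        $cim = New-CimSession -ComputerName $h -ErrorAction Stop
    } catch {
        Write-Warning "Cannot reach $h : $($_.Exception.Message)"
        continue
    }
    # Skip administrative shares (C$, ADMIN$, IPC$); they are expected to exist.
    $shares = Get-SmbShare -CimSession $cim | Where-Object { -not $_.Special }
    foreach ($s in $shares) {
        Get-SmbShareAccess -CimSession $cim -Name $s.Name |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                # Strip a DOMAIN\ or NT AUTHORITY\ prefix before comparing.
                ($Broad -contains ($_.AccountName -replace '^.*\\', ''))
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Host    = $h
                    Share   = $s.Name
                    Path    = $s.Path
                    Account = $_.AccountName
                    Right   = $_.AccessRight      # Read, Change or Full
                }
            }
    }
    Remove-CimSession $cim
}

# Review the exposed shares before changing anything.
$findings | Sort-Object Host, Share | Format-Table -AutoSize

# Once a finding is confirmed unnecessary, revoke that principal's entry
# (placeholder host and share name; uncomment to apply):
# Revoke-SmbShareAccess -CimSession (New-CimSession -ComputerName 'FILESRV01') `
#     -Name 'Public' -AccountName 'Everyone' -Force
```

The table the script prints corresponds to what ShareEnum shows in its GUI; the commented Revoke-SmbShareAccess line is the "revoke unnecessary rights" step for one confirmed finding.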