Windows tools for investigating an attack

07 Jun 2007 | SearchSecurity.com

by Michael Cobb

This checklist is a companion to the primer, Web site attacks and how to defeat them, part of SearchSecurity.com's Intrusion Defense School lesson, Web attack defense and prevention.

Run Event Viewer to look at logs:
C:\> eventvwr.msc
Look for suspicious events:
"Event log service was stopped."
"Windows File Protection is not active on this system."
"The MS Telnet Service has started successfully."
Look for a large number of failed logon attempts or locked out accounts.
Look at file shares, and make sure each has a defined business purpose:
C:\> net view 127.0.0.1
Look at who has an open session with the machine:
C:\> net session
Look at which sessions the machine has opened with other systems:
C:\> net use
Look at NetBIOS over TCP/IP activity:
C:\> nbtstat -S
Look for unusual listening TCP and UDP ports:
C:\> netstat -na
Look for unusual scheduled tasks on the local host, especially those that run as a user in the Administrators group, as SYSTEM, or with a blank user name by running:
C:\> at
Look for new, unexpected accounts in the Administrators group:
C:\> lusrmgr.msc
Look for unusual/unexpected processes:
Run Task Manager
Look for unusual network services:
C:\> net start
Check file space usage to look for sudden major decreases in free space:
C:\> dir
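
The "unusual listening TCP and UDP ports" step is easier to repeat when the netstat output is compared against a list of listeners the host is expected to have. The following is an added example, not part of the original checklist: it parses saved `netstat -na` output and reports listeners missing from a baseline. The sample output, the baseline and the function names are constructed for illustration.

```python
# Added example: compare `netstat -na` listeners against a known-good baseline.
# SAMPLE_NETSTAT and BASELINE are constructed values, not taken from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.50:49210     ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:5151           *:*
  TCP    [::]:135               [::]:0                 LISTENING
"""

# Assumed baseline: the listeners this host has a documented purpose for.
BASELINE = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137)}


def listening_endpoints(netstat_text):
    """Map (proto, port) to the local addresses it is bound on."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:135
        if not port.isdigit():
            continue
        found.setdefault((proto, int(port)), set()).add(addr)
    return found


def unexpected_listeners(netstat_text, baseline):
    """Return the sorted listeners that are not in the baseline."""
    return sorted(k for k in listening_endpoints(netstat_text) if k not in baseline)


if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"review: unexpected {proto} listener on port {port}")
```

In the constructed sample, the TCP port 23 listener lines up with the "MS Telnet Service has started successfully" event the checklist says to look for.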
