I've had recent occasion to utilize two very different, yet equally excellent LiveCDs.
The first is the ZoneCD from Public IP: http://www.publicip.net/zonecd/download.php
"The ZoneCD is a bootable CD with a collection of GNU/Linux software pre-configured to create a WiFi gateway with automatic hardware detection, and support for many graphics cards, sound cards and other peripherals. The gateway includes support for WiFi end-user authentication and web content filtering."
I recently deployed it as a temporary controller of sorts for use as a public hotspot where a splash page and "click to consent" is required. Truly excellent functionality.
The second LiveCD that impressed me to no end recently is e-fense's Helix 1.7, offering incident response, electronic discovery, and computer forensics.
"Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics."
If you have a need for these features but no budget for commercial products like EnCase, consider downloading this ISO immediately.
Tuesday, December 27, 2005
Monday, December 19, 2005
Why run IIS on Windows XP?
http://ingehenriksen.blogspot.com discovered a Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit on Friday the 16th.
This lends itself to the debate over whether a web server on a desktop PC is a good idea. Obviously, developers have a strong opinion here, so consider the following: run IIS as localhost only, use Windows Firewall to block all web ports, and disable SMTP and FrontPage extensions. Disabling FrontPage extensions will prevent the above exploit even if the Windows Firewall is off.
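One way to audit a desktop against the "localhost only, no SMTP" advice above is to parse `netstat -an` output and flag web or SMTP listeners bound to anything other than loopback. This is an added example, not code from the original post; the function name, port list and sample output are constructed for illustration.

```python
import ipaddress

# Ports the post says to keep off the network: web (HTTP/HTTPS) and SMTP.
WATCHED_PORTS = {80: "HTTP", 443: "HTTPS", 25: "SMTP"}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:443       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def exposed_listeners(netstat_text, watched=WATCHED_PORTS):
    """Return (service, address, port) for watched TCP listeners not on loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state matter; headers and UDP rows are skipped.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # Split on the last colon so IPv6 forms such as [::]:80 also parse.
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]")
        try:
            port_no = int(port)
            addr = ipaddress.ip_address(host.split("%")[0])  # drop any zone id
        except ValueError:
            continue  # unparseable row, ignore it
        if port_no in watched and not addr.is_loopback:
            findings.append((watched[port_no], host, port_no))
    return findings


if __name__ == "__main__":
    for service, host, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{service} listener reachable off-host: {host}:{port}")
```

The check looks only at socket bindings, so a listener on 0.0.0.0 is reported even when Windows Firewall is blocking the port, which is the state the host falls back to if the firewall is turned off.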