System-state change utility
Posted 16 May 2005 - 01:59 PM
In order to achieve my goal, I require a utility that will take a picture of my system's files, folders and registry, then alert me if anything has changed.
Do you guys know of a good app?
Posted 16 May 2005 - 02:01 PM
Posted 16 May 2005 - 02:15 PM
Why would my idea be a bad one? The system is going to be on its own internet connection, not connected to my personal LAN. It will have its own separate unique (external) IP address. The system also has a Ghost Image. As soon as it becomes corrupt, I can re-ghost it back to its original state.
Posted 16 May 2005 - 02:18 PM
i type akward sometimes so just call me a newb and ask wut i meant when i do...
Posted 16 May 2005 - 04:52 PM
Windows is not the ideal system for a honeypot
Posted 16 May 2005 - 05:36 PM
For instance, the LSASS vulnerability. I want to play with it...embrace it, you know
When I'm done playing with LSASS, maybe I'll move on to MS05-017.
For this, I will require a fully customizable Windows box.
A few more questions:
Any comments on Auditor Live CD and their Honeypots?
Anyone hear of a Windows-based Live Distro, like Knoppix? (I doubt it..)
Can someone name a program that reports reg/file changes in Windows?
Posted 17 May 2005 - 07:44 AM
As for the File Integrity Checkers, using an amazing tool called "Google", I was able to come up with the following freeware/trial based utils:
GFILanGuard - http://www.gfi.com/l...simfeatures.htm
Sentinel (30 Day Trial) - http://www.runtimewa...age=p_sentinel2
SnapShot - http://www.snapfiles...hatchanged.html
WhatChanged - http://www.prismmicr...anged/index.htm
Using BartPE and Sentinel, I believe I can create an online tool (call it a honeypot if you want) that I can use to analyze attacks as they happen.