Some time my work force me to do detective work on MS-Windows boxes. Just like Linux / UNIX / BSD system , Windows machines get *owned* a lot. Recently while searching for information I came across couple of nice built-in windows command line security tools to determine if a system has been hacked cracked.
Fortunately, Microsoft has built numerous tools into Windows so administrators and power users can analyze a machine to determine whether it's been compromised. In this tip, which is the first of a two-part series, Author has covered five useful command-line tools built into Windows for such analysis.
=> Built-in Windows commands to determine if a system has been hacked : Part I and Part II
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- 10 Greatest Open Source Software Of 2009
- My 10 UNIX Command Line Mistakes
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!
- Email this to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: May/29/2008
{ 4 comments… read them below or add one }
Blah who has time for all that. Find a dedicated managed server. I run with Server Intellect fully managed. They run full scans for me each month. One less thing I have to worry scan for. Spend more time being productive and less time chasing down wanna be hacker kiddies.
… seriously?
Every month?
What, so if you got compromised, that’s no problem, because you’ll find out like 4 weeks later.
Meanwhile some dude in Belarus has all your customer data, credit cards, etc
…or do you work for Server Intellect?
(Incidentally that’s not a jab at Server Intellect, I’m not familiar with them and they’re probably fantastic for all I know)
btw Great articles, though they would have been better if they pointed out which command line tools were more useful than others at spotting common cloaked rootkits..
Henrick I think your missing the point, I have someone who runs scans for me. I still continue to monitor and run scans myself but I have a third party also reviewing and watching my server and updating it if I dont get the chance to right away. Plus if I do get rooted, I have some support to back me up and resolve issues. Most people that run their own servers wouldn’t know a root kit if it bit them in the ass. I dont always have time to read the newest rootkit, or patch needed to protect my server from being rooted. Also if I had Customer CC and data It wouldn’t be in clear text=)