AuditCasts with David Hoelzer
#19: Detecting Signs of APT and Malware

Update: 2011-10-17

Description

In all of the cases that I've worked where a malware infection, suspected APT or other security breach had occurred, detectable file remnants were left behind. How can you find them? Can IT audit techniques help?
In this episode we take a look at a super easy technique that allows you to find any type of file or any specific file anywhere within your domain. The script can also be modified to create an inventory of any other type of file you need.
For a copy of the script and a longer discussion, please be sure to check the show notes: http://it-audit.sans.org/blog/2011/10/17/detecting-malware-apt-like-threats-domain-wide-file-finder/