Russell,

Was actually why I asked the question, your USB switchblade with the Sysinternals stuff.
Well done btw.

On Tue, Jul 28, 2009 at 9:17 AM, Russell Butturini <[email protected]> wrote:

> What can I say, I'm a shameless self promoter:
>
> http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade
>
> Of course for this to match to John's rules, you have to remove the
> Sysinternals tools, which are free but TECHNICALLY have no redistribution
> license so I guess they don't really conform. The scripting for the
> evidence collection process can all be launched from the command line though
> (and 90% of it involves no 3rd party tools, just good old DOS fu).
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* John Strand
> *Sent:* Tuesday, July 28, 2009 7:55 AM
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* [Pauldotcom] Blue Team Tactics
>
> Please! PSW land! Share your Blue Team tactics!
>
> What tools, scripts, and techniques do you use as part of Incident Response
> and Blue Team Activities?
>
> I have sat in on one too many Red/Blue/CTF games where the Red team gets
> Core, Canvas, Metasploit, Nessus, Satan, Sara, Cain and Abel, Ettercap,
> Dsniff, Hydra, 0phcrack, Nmap, BT4 and various torture techniques (including
> IronGeek's rubber hoses) and the Blue team gets....
>
> "An un-patched Windows 2000 box and a slew of un-patched software!!!!!"
>
> Please see the following video for reference:
>
> http://www.youtube.com/watch?v=Y77n--Af1qo
>
> Yea.. That's right.... As of today the Blue Team is what you get assigned
> to when you are caught stuffing peas up your nose.
>
> This stops today!!!
>
> There are a few rules. Tricks and scripts must be able to run at the
> command line of your operating system of choice and all tools must be
> freeware or open source.
>
> That's it!!!
>
> Look, the Blue Team *can* rock!!! So please share your tricks.
>
> I am going to collect and add to them so we have a solid list and this will
> serve as the playbook for the Blues going forward.
>
> Be expecting this on the PDC site soon.
>
> strandjs
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
