GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
a9e74aee34e5e451e2940487fc84fcd51ac0c986e96b1681ec9218bf74a94829
GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
01a6114fa008aabd4c84b5eb4af2b43ecb2816c9a7e5408de54d5507d0bf83ab
GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
2b80f4b4574016d6e7913c59ba5ebc26337eb4b6e89847d6b3c7915ee37caac7
GrokEVT is a collection of scripts for reading Windows event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
6f902dae367346418a9ecfa464c85aebf13a360f7c2aa511fe033c2d9a2749f9
GrokEVT is a collection of scripts for reading Windows event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
57e49ae767a0e0e8ed567f09d3e5bf0234bf97dbe8e2e04e099887408bb57895
PTwebdav is a utility for Windows which checks for IIS 5.0 servers which are vulnerable to the Webdav Vulnerability using a malformed search method.
c652dfb7340124f0b105b9dd61418eddaf74e988443a0e886ee1c8338f1c4058
Fire and Water Toolkit is a powerful and comprehensive toolkit for network assessment and defense. It scans and maps networks, checks for web vulnerabilities, and includes a powerful, scriptable ISAPI filter (integrates with Snort) for IIS defense. XML based with multiple output options including XSLT reports.
fc6d95d7249e96c3a96f4b67fb95c260226bfbad5012c2bebe90770d6299cdc9
NBpyder, or NetBios Spyder is a suite of NT batch files that take advantage of Windoze netbios connections to glean information about a corporation's network. NBSpyder works by first enumerating domains that the computer can see over a LAN. It then proceeds to get a comprehensive list of machines for that domain, their domain controllers, local administrators and domain admins, and a comprehensive list of IP addresses for that domain. It then attempts to gain administrative access on the domain controllers by semi-intelligent brute force password guessing, and, if successful, goes ahead and downloads the domain user and policy list.
f63eb52728feae6bc1a31c5f1b67d614d3f5bf5a5d684f040e00c47e08413e87
Forensic Toolkit v2.0 is a file properties analyzer designed to examine the files on a disk drive for unauthorized activity. It lists files by their last access time, searches for access times between certain time frames, and scans the disk for hidden files and data streams.
4d29428f9ff309f7b8d1dae8cf523a7dcbcace17b6b2fa9a7708117299dc0fa4
NTLast v3.0 is a security audit tool for Windows NT. It can help identify and track who has gained access to your system, and document the details. Includes raw time output for Excel analysis and additional features for Webmasters.
8ec05251c3081e25c2859714a5a176605e31ea2408b766257b565cc544361ff6
WDumpEvt is a tool that makes it easy to manage all the information from Windows NT / 2000 logs. The eventlog tree can be browsed, sorted, erased, filtered, or categorized. The data can also be dumped into an ASCII-delimited format for importation or HTML for display.
eaf06992361807781762a06be9d593d389e8835393ca184296fbb75b1282e195
Inzider v1.2 shows which processes listen at which ports, and can be used to find Back Orifice 2000 when it is hidden in another process. This is like LSOF for Windows 95/98, Windows NT 4.0 and Windows 2000.
2e6466d6e3dddc4f8a9cbd550dc4bdf278548f173b6f6f055ed30ebfbff8d7b9
SPCheck is a command line utility that can be used to check the service pack and hot fixes on any NT Workstation or Server (assuming you have administrative privileges on the machine). SPCheck v.1.4 checks multiple machines and generates a web page or a comma-delimited text file that you can easily import in a spreadsheet or database program. SPCheck works by remotely connecting to the Registry of NT machines. It parses through the registry information looking at the key for the Service Pack and for the hot fix subkeys.
fefa92cd62fb08b9f2846d287a1f9e31880983f980b475ed37f7d999646c9c8e
FAQ for rasfix.exe
fbfce68bb8e5e746c33c205287d9f86baced70c53d667f8dcfbf312102d3dfa6
FAQ for gsd.exe
3c710b24132607d1316326072588cbbbafa6f8cf55b263847bf047962562da39
FAQ for strongpass.dll
df93ffe11f4f0ddb63722def399cb9f806a3b6cd35c76459afe67e090730f6d7
FAQ for winfo.exe
df740c0c4b0a038956f3025557238c599d092273325f31256b6d38a9b8485b33
Rasfix: tightens the permissions on the rasman (Remote Access Connection Manager) service in Windows NT. This stops the exploit which Alberto Rodriguez Aragons has constructed.
4bed80ff071c6731b236cc70719c91374e21506329cc7889017f26e8895a9121
GSD (Get Service Dacl) gives you the DACL (Discretionary Access Control List) of the Windows NT service you specify as a command line option.
207e65ce416221840f3ea2bdd7b9ff9ee7a7a1ebf1ab4e9599eab2ee19af02c4
NTLast 1.6 is a security audit tool for Windows NT. It's a Win32 command line utility with several switches that search the event log for Interactive/Remote/Failed logon stats. In its simplest form, it reports the last ten successful logons at your computer. NTLast does two significant things that event viewer does not. It can distinguish remote/interactive logons and it matches logon times with logoff times. NTLast is designed to assist your efforts in tracking down logon/logoff data.
f4714562db9789cff915e2fdb7578a6c93cb3878834211ba13fda28f127c0952
A DLL that works like passfilt.dll, but enforces some extra password policies to make it harder for password crackers like l0phtcrack to crack LANMAN hashes of the passwords.
46c055ddc72e9b13f964b8310997adc7198cac1962db7fc18277c4aea581363b
Uses Null Sessions to retrieve account and share information from Windows NT.
438d40336b187ddd4f1ae7936aab6bee89668ec6aa6a4955fd9e39953de21f77
Excellent 110 page document that details administrative and operational guidelines for securely installing Windows NT networks in NSA and other DoD environments. Addresses both Windows NT Server and Workstation, as well as Windows 95 clients, MSP, and IIS.
c9015de1dc92c00beec8508cd5b678de5fe20e60b153e2572d3b28d0f58483ff
SCE.TXT
7e39fc693c7b2e6ff46be9fb0d1bd1ede22c589382f800afb45fbafc7034ee56
UltraScan port scanner.
d7f9db58108d493a5aeb3890e65aa68f39057903c1d88653edf32ffd3638eed3