The SIDTk 1.0 is a collection of command-line tools aimed at improving host-based intrusion detection conditions on Windows desktops and servers. This kit includes ADSScan, an alternative data stream scanner, IntegCheck, a Tripwire clone, LogUser, a module to detect invalid user accounts, and various other utilities.
b116b7179c127664fa546eef973bf5814cf8c34bb55b3f3f55382fb126efbfbcLogIDS 2.0 is a real-time, log-analysis based intrusion detection system able to analyze log files from various sources, and can be used with LogAgent 4.0 to supply these log files. This utility allows for a user specified formatting of each log file it utilizes which then enables an end user to define rules for each of the files given, resulting in one single interface to analyze and display all this data gathered from varied sources, IE. Event Viewer, ComLog, antivirus logs, personal firewall logs, Snort logs, LogAgent 4.0 Pro Logs, ADSscan, IntegCheck, just to name a few examples. The interface is also pretty innovative as the GUI is a logical representation of your network architecture, where each node possesses its own window where logs belonging to it are displayed. Sounds can also be emitted for alerts and warnings with this utility. Screen captures are available here.
a023dfcda7983adecd548182d72a58a5c23230207c65fb0e5c241f277dc04201LogIDS 1.0 is a real-time, log-analysis based intrusion detection system able to analyze log files from various sources, and can be used with LogAgent 4.0 to supply these log files. This utility allows for a user specified formatting of each log file it utilizes which then enables an end user to define rules for each of the files given, resulting in one single interface to analyze and display all this data gathered from varied sources, IE. Event Viewer, ComLog, antivirus logs, personal firewall logs, Snort logs, LogAgent 4.0 Pro Logs, ADSscan, IntegCheck, just to name a few examples. The interface is also pretty innovative as the GUI is a logical representation of your network architecture, where each node possesses its own window where logs belonging to it are displayed. Sounds can also be emitted for alerts and warnings with this utility. Screen captures are available here.
3a616f0662f050dc9454ba032a5901b1138d75260cdf615c4105679e49492880This tool is a log file monitoring and centralization tool. You can use it to monitor the Event Viewer logs, and ASCII log files from just about any application, including, but not limited to, antivirus, personal firewalls, ComLog, Snort, etc. LogAgent 4.0 also comes with 2 companion tools that are ADSScan and the combo HashGen and IntegCheck. ADSScan is an alternate data streams scanner, and HashGen/IntegCheck is a MD5-SHA1 file system integrity checker, or also known as a host-based intrusion detection system.
d2cf59adf7aa0cd3186bf9ff062ee27043fd5b8d2286aed46d27b96a616c008aThis tool is a command prompt (cmd.exe) logger, useful for generating intrusion evidence that was previously unavailable. With this tool, you can log command prompt sessions be it from the console, a compromised IIS system or through a netcat tunnel. Working a bit like a wrapper, ComLog takes the place of cmd.exe and passes the commands to be executed to the real cmd.exe which is renamed cm_.exe. Version 1.05 changes include MS-DOS icon added to the executable, and better camouflage to avoid detection by the monitored.
ace19f02d040949d4cffa6040cf70cc0e5f3a1f3b3e71d7dfd20cba25e0cecf8LogAgent 2.1 is a tool made in Perl for recollecting log files from various applications and various machines into a central location in (almost) real-time in order to improve network activity awareness.
867e7642dba7e846977ec8889a55c89f90d7adfa2c03702a8a4c8767d760726fComLog.pl, a WIN32 command prompt logger - The goal of this paper is to present a new Perl tool made to monitor DOS sessions on Windows NT/2K (should also work on XP). This tool can be used by administrators to keep a history of commands typed in the DOS command prompt and the associated output, for example on an IIS server. This can help admins to figure out what an attacker has done after compromising the machine via one of the numerous vulnerabilities available.
5bb1270554a58f6c4a654c5606f788b2f62f2ad347bee9a773e47748ee4612d5Logagent is a Windows tool in Perl which monitors several ascii logfiles and redirect any change made to a central location. Supports remote logging.
a644d6b393a1f7bf9c90966cb62683ca5a4f11ddb0426bf0e5ec94a801fc811d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed