From: Rob Shein (shoten@starpower.net)
Date: Fri Jan 16 2004 - 20:01:16 EST
If you want the function of a keylogger without having to worry about
software/OS compatibility, simply use a Key Katcher (www.keykatcher.com)
between your keyboard and computer. Just be sure to sed out any
password/login combinations to your own stuff that you use. Oh, one thing;
I don't think it'll work on Sun hardware.
> -----Original Message-----
> From: Don Parker [mailto:dparker@rigelksecurity.com]
> Sent: Monday, January 12, 2004 6:18 PM
> To: R. DuFresne; Don Parker
> Cc: n30; security-basics@securityfocus.com; pen-test@securityfocus.com
> Subject: Re: Auditing / Logging
>
>
>
> Well, you raise a valid point as to the commands not being logged.
> Again I would prefer simplicity, so just install a keylogger.
> There is no need to overcomplicate things. Though a keylogger
> will not work
> on most *nix systems to my knowledge. Though all of this should be
> negotiated with the client prior to the pen test being done ie: what
> kinds of logs will be retained and the such. This is one thing which
> should be spelt out clearly prior to any pen test actually
> taking place.
>
> Cheers
>
> -------------------------------------------
> Don Parker, GCIA
> Intrusion Detection Specialist
> Rigel Kent Security & Advisory Services Inc
> www.rigelksecurity.com ph :613.249.8340 fax:613.249.8319
> --------------------------------------------
>
> On Jan 12, "R. DuFresne" <dufresne@sysinfo.com> wrote:
>
> On Mon, 12 Jan 2004, Don Parker wrote:
>
> > The simplest solution would be to simply log all activity using
> > tcpdump in binary
> > format. This decreases the file size, is faster, and allows
> you to manipulate it after.
> > You can also input this binary log into any protocol
> analyzer afterwards as well ie:
> > ethereal, etherpeek nx and the such.
> >
> > Doing the above also gives you and your client a copy of
> exactly what
> > it is you have
> > done during your pen test should there be any questions/complaints.
>
>
> Which s great on the data being obtained, yyet fails to
> retain the nature of the exact command that retrieved the
> data, so make sure one either tee's allcommands to a file
> <date stamps can help here> or one runs script or something.
> This helps if one has data results that are similiar and they
> need to know which command applies to which data, as well as
> make it possible to dupe scenarios.
>
> Thanks,
>
> Ron DuFresne
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> <a
> href='http://sysinfo.com'>http://sysinfo.com>
>
> "Cutting the space budget really restores my faith in
> humanity. It eliminates dreams, goals, and ideals and lets
> us get straight to the business of hate, debauchery, and
> self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
>
> --------------------------------------------------------------
> -------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get
> $720 off any
> course! All of our class sizes are guaranteed to be 10
> students or less.
> We provide Ethical Hacking, Advanced Ethical Hacking,
> Intrusion Prevention,
> and many other technical hands on courses.
> Visit us at <a
> href='http://www.infosecinstitute.com/securityfocus'>http://ww
> w.infosecinstitute.com/secur
> ityfocus</a> to get $720 off
> any course!
> --------------------------------------------------------------
> --------------
>
>
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:45 EDT