From: Teicher, Mark (Mark) (teicher@avaya.com)
Date: Thu Jan 29 2004 - 12:42:50 EST
Cenzic 3.0 has the breadth but it still required an experienced person to
understand and have the ability to create custom testing scenarios.
/mark
-----Original Message-----
From: DaemonLabs.com Support (MLM) [mailto:Lists@DaemonLabs.com]
Sent: Thursday, January 29, 2004 7:48 AM
To: sil; Kerri Sharp
Cc: forensics@securityfocus.com; pen-test@securityfocus.com
Subject: Re: HailStorm - was digital surveillance techniques for forensics/penetration
FYI,
HailStorm at the time was created by Greg Hoglund - writer of the
NTRootkit.
HailStorm is being promoted these days by the same team, called Cenzic
(www.cenzic.com), formerly known as "ClickToSecure". HailStorm is still
(in much improved form) there, FYI.
Cheers - Marnix Petrarca
----- Original Message -----
From: "sil" <jesus@resurrected.us>
To: "Kerri Sharp" <kerri@dancetonight.com>
Cc: <forensics@securityfocus.com>; <pen-test@securityfocus.com>
Sent: Friday, January 23, 2004 09:07
Subject: Re: digital surveillance techniques for forensics/penetration
>
> Many commercial packet sniffers can reconstruct packet dumps, sniffit,
> NAI's Sniffer, etc. There was a product out a few years back called
> Hailstorm which offered pretty neat features, I used the beta for about a
> month testing it, but don't recall who made it, nor have I seen any more
> information on it. Iris from eEye also does reconstruction, but haven't
> used it in recent months.
>
> If you're looking for some hardware based boxes that can do the job and
> then some check out Niksun's NetDetector (http://www.niksun.com/), or
> Sandstorm's NetIntercept (http://www.sandstorm.com/). But if you're just
> looking for general information on reconstruction, you could probably
> google +"packet sniffer" +reconstruct or any combination of that.
>
> NANOG just had a thread that might have interested you this week: "What's
> the best way to wiretap a network?" which would likely give you a ton of
> ideas of what those in the networking industry are using/doing. Merit.edu
> has the archives somewhere in there (too tired to open a browser sorry.)
>
>
> > Hi List
> >
> > Anyone know of the tool which reconstructs captured data?? For example
> > intercepted email with attachments or ftp data.
> >
> > I saw a flash demo sometime ago at www.sainstitute.org about digital
> > surveillance techniques which they cover in DefensiveForensics and
> > DefensiveHacking. This demo has since been
> > removed :-( any ideas anyone?
> >
> > Thx
> > Kerri
> >
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> Quis custodiet ipsos custodes? - Juvenal
>
> J. Oquendo / sil
> GPG Key ID 0x51F9D78D
> Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
>
> sil @ politrix . org http://www.politrix.org
> sil @ infiltrated . net http://www.infiltrated.net
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT