Tag Archives: incident

Information Gathering Incident Response Script


Posted on October 24, 2012 by

So, you have a PC on your network that you think might be infected with some malware.  What do you do?  Well, you could always PSExec into the computer and run a series of commands.  But why not automate that process and store the results?

That was my motivation for writing this IR-Script.  It is like a first response tool for investigating a possibly infected PC.  You run the tool, gather a bunch of information, and store it for review.  The script gathers the following information from a PC: (more…)

What War Games teaches us about security (Part 2)


Posted on July 4, 2012 by

This is the second part of my posts on what the 1983 movie War Games can teach us about security.  Here, I want to talk about the part of the movie where David Lightman (Matthew Broderick’s character) realizes that he almost started World War III and is in the process of throwing away any evidence that he hacked into NORAD.  At that moment, the NORAD supercomputer WOPR calls David.  Later in the movie, McKittrick (Dabney Coleman’s character) says it’s impossible for the WOPR to call someone.  Well, he was obviously wrong, because the WOPR did call out.  Fail!  Which brings us to our second lesson. (more…)