- GDI Scan - gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll and vgx.dll.
- WhereIs Country Lookup by IP - Mass country lookup by IPv4 or IPv6 address. whereis started as an idea and a kludgy 4-5 line script, and ended up being pared down to a much more elegant one-line script over the course of a sec504 class. Many people were involved in making it what it is now.
- iPhoneMap - iPhoneTracker port to Linux
- Splunk for DShield - The application retrieves DShield data (All Sources IPs) daily, removes leading zeroes from the logs and indexes them into Splunk.
- wascompanyhacked.com - The site offers a simple way to query Twitter for search terms often associated with security incidents.
- ISC Reader (iPhone) - ISC Reader is freely available in the Apple App Store.
- DNS Sinkhole scripts - Contains all the necessary pre-configured files to set up a BIND DNS Sinkhole.
- MIR-ROR - Motile Incident Response - Respond Objectively, Remediate (MIR-ROR) is a specialized command-line script for security incident response that calls specific Windows Sysinternals tools, as well as some other useful utilities, to provide live capture data for investigation.