RE: Black Hat Conference was FAR OUT!

  • From: "Joseph" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 10 Feb 2002 01:42:15 -0800

Hey Tom,

That's why I pointed that out.  It seems that when the ones are turned
into zeros there could be some information that is indeed left behind.
Or left out, as the case may be. As part of my log file white paper, I've
included information about various registry settings that one could use
to see if a system was being compromised or not and what to do to
protect those log files.  I like digging into this stuff.  It's just all
time consuming.

I really should start going to those types of conventions. I would gain
a lot out of the attendance.

Joseph

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Saturday, February 09, 2002 8:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Black Hat Conference was FAR OUT!

http://www.ISAserver.org


Hi Joseph,

Good info. Actually, something that came up in one of the talks relates
to this. You might not want to enable this option on machines that
you'll want to preserve the 'chain of evidence' on after an attack. Some
helpful information for forensic analysis might be available in the page
file.

Thanks!

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Joseph [mailto:cismic@xxxxxxx] 
Sent: Saturday, February 09, 2002 8:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Black Hat Conference was FAR OUT!


Good going!
Here is a cool tip for your books:
There is a registry key that can be created so that the memory manager
clears the page file when the system goes down: 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown: 1

Note: clearing of the page file is only done when the system is
brought down in a controlled fashion. If the machine is just switched
off or brought down in any other brute way, of course no clearing will
be performed. 

Joseph

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Saturday, February 09, 2002 6:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Black Hat Conference was FAR OUT!


Hey everyone,

I just got back from the Black Hat security conference and it was GREAT!
The talks I attended were top notch and I learned a TON of stuff that I
can put into practice right away. Also was a great consciousness raising
experience and gave me some ideas for more articles on ISAserver.org.

I wasn't thinking of giving awards for the conference, but here's a few:

TOUGHEST QUESTION ASKER:
thor@xxxxxxxxxxxxxxx

HOTTEST BABE:
Ping

MOST INTERESTING AND THOUGHT PROVOKING CONVERSATIONS:
Guys from the NSA (names withheld :-)

MOST LIKELY TO BE NICKNAMED SUPERMAN WHO CAN LEAP TALL AIRPORTS WITH A
SINGLE BOUND:
Jim Harrison

If you didn't make it to the conference, make sure you hit the one in
Las Vegas in late July of this year.

Thanks!

Tom
www.isaserver.org/shinder


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
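
The ClearPageFileAtShutdown tip and the chain-of-evidence caveat raised in this thread, combined into one audit, as an added PowerShell example that is not part of the original messages. The function name `Test-PageFileClearPolicy` and its `-PreserveEvidence` and `-Fix` switches are hypothetical names chosen for illustration.

```powershell
# Added example: function and parameter names are hypothetical, not from the thread.
# Audits ClearPageFileAtShutdown against the role of the machine:
#   -PreserveEvidence : page file should survive shutdown (value 0) for forensic analysis
#   (default)         : page file should be cleared at a controlled shutdown (value 1)
function Test-PageFileClearPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$PreserveEvidence,
        [switch]$Fix
    )

    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $name    = 'ClearPageFileAtShutdown'
    $desired = if ($PreserveEvidence) { 0 } else { 1 }

    # A missing value is treated as 0 (page file is not cleared).
    $prop    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $prop) { [int]$prop.$name } else { 0 }

    $compliant = ($current -eq $desired)
    if (-not $compliant -and $Fix -and
        $PSCmdlet.ShouldProcess("$key\$name", "Set to $desired")) {
        # Writing under HKLM requires an elevated session.
        New-ItemProperty -Path $key -Name $name -Value $desired `
            -PropertyType DWord -Force | Out-Null
        $current   = $desired
        $compliant = $true
    }

    $note = if ($current -eq 1) {
        'Cleared only on a controlled shutdown; a power-off or crash leaves the page file intact.'
    } else {
        'Page file contents persist on disk after shutdown.'
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Current   = $current
        Desired   = $desired
        Compliant = $compliant
        Note      = $note
    }
}

Test-PageFileClearPolicy                    # host that should clear its page file
Test-PageFileClearPolicy -PreserveEvidence  # host kept ready for forensic analysis
```

Adding `-Fix -WhatIf` shows the change that would be written without touching the registry.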


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



Other related posts: