Robert Hensing's Blog
Software Security . . . and stuff.
January, 2005
WOLF sizes up the MySQL bot / worm / spreader thing . . . a live system perspective
Posted over 8 years ago by rhensing | 12 Comments
So it seems that there is a new MySQL bot that is spreading to Windows machines running MySQL with weak SA (or whatever MySQL's equivalent is) passwords. You can read more about it here http://news.zdnet.com/2100-1009_22-5553570.html and here: http:/...
The Blame Game - I won't go there.
Posted over 8 years ago by rhensing | 14 Comments
So I'm getting some 'interesting' and frankly unexpected comments on my most recent 'Anatomy of . . . ' posts where I delve into examples of a hack involving certain vulnerabilities (one of which wasn't even in one of our products I'd like to point out...
Anatomy of a WINS server hack (MS04-045) . . .
Posted over 8 years ago by rhensing | 20 Comments
Okay - so here is my analysis of a recent WINS hack a customer experienced. The customer caught this by analyzing their netflow data from their routers . . . they suddenly started sending tremendous amounts of packet love and affection to various IP's...
Anatomy of a Veritas BackupExec Agent Browser hack via TCP 6101
Posted over 8 years ago by rhensing | 16 Comments
I've gotten some really great feedback on my blog now that I'm actually blogging about incident response topics - I appreciate the feedback, keep it coming! So we here in PSS Security are tied into the security incident response community fairly well...
Advanced hiding techniques: The mystery of the trojaned Winlogon.exe
Posted over 8 years ago by rhensing | 25 Comments
So the war between the miscreants and the first responders / incident responders is just that - it's a war with casualties (servers, workstations, work life / home life balance) and it is complete with an arms race in the form of stealthing (miscreants...
More miscreant hiding techniques and some interesting observations on the Hacker Defender rootkit . . .
Posted over 8 years ago by rhensing
My last blog post was about miscreant hiding techniques . . . unfortunately one can probably write a book devoted to some of the more popular techniques . . . I'm just going to blog from time to time about the ones my team is encountering (call it miscreant...
Miscreant hiding techniques: Would the real explorer.exe please stand up? And the relevance of 1979 when doing searches . . .
Posted over 8 years ago by rhensing | 6 Comments
At long last - a blog post about Incident Response in the self-proclaimed 'Incident Response' blog! Before I finally crash for the night there are two things I wanted to bring to the attention of folks interested in Windows IR that my team has come across...
Admin Personas - at long last . . .
Posted over 8 years ago by rhensing | 4 Comments
Okay so this post is several months late - what can I say, I'm easily distracted and overly busy. Hopefully if you are reading this post you've already read the post on hacker personas. Having been on the PSS Security team for over three years now I've...