MIR-ROR – Incident Response Script

    • #3869

      I just stumbled across the MIR-ROR (Motile Incident Response – Respond Objectively, Remediate) tool reported over at the ISC Storm Center as reviewed in June’s ISSA journal (http://holisticinfosec.org/toolsmith/docs/june2009.pdf). It is a script which was created by a Microsoft IH guru and utilizes the Sysinternals utilities.

      The script automates and consolidates the output from a variety of Windows and Sysinternals commands. It uses net *, ipconfig, arp, netstat, nbtstat, systeminfo, tasklist, openfiles, driverquery, sc, at, set, ftype, assoc, and doskey from %systemroot%, and the remaining tools, autorunsc, handle, listdlls, logonsessions, now, psfile, psinfo, pslist, psloggedon, psloglist, psservice, seccheck, showacls, showpriv, sigcheck, srvinfo, and tcpvcon, from the Sysinternals utilities.

      I am sure you could create a USB stick/CD and change the script to use known good Windows files, in case you do not trust the actual Windows executable (but then again, the output could lie).

      If you are interested in more tool write-ups from ISSA, please visit http://holisticinfosec.org/content/view/12/26/.

    • #24704

      Sounds pretty interesting, will have to check it out.

      Or, you could create a Windows LiveCD to run it from 🙂

    • #24705

      This is really good… nice find, going on my IR USB stick.

    • #24706

      Thanks for sharing this information; I haven’t heard of MIR-ROR before. I guess this is another program that goes on my to-test list.


Copyright ©2021 Caendra, Inc.
