MIR-ROR – Incident Response Script

    • #3869
      unsupported
      Participant

      I just stumbled across the MIR-ROR (Motile Incident Response – Respond Objectively, Remediate) tool reported over at the ISC Storm Center as reviewed in June’s ISSA journal (http://holisticinfosec.org/toolsmith/docs/june2009.pdf).  It is a script which was created by a Microsoft IH guru and utilizes the Sysinternals utilities.

      The script automates and consolidates the output from a variety of Windows and Sysinternals commands: net *, ipconfig, arp, netstat, nbtstat, systeminfo, tasklist, openfiles, driverquery, sc, at, set, ftype, assoc, and doskey from the %systemroot%, and the remaining tools, autorunsc, handle, listdlls, logonsessions, now, psfile, psinfo, pslist, psloggedon, psloglist, psservice, seccheck, showacls, showpriv, sigcheck, srvinfo, and tcpvcon, from the Sysinternals utilities.

      I am sure you could create a USB stick/CD and change the script to use known good Windows files, in case you do not trust the actual Windows executable (but then again, the output could lie).

      If you are interested in more tool write-ups from ISSA, please visit http://holisticinfosec.org/content/view/12/26/.
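
The approach described in the post above (run a fixed list of triage commands, prefer known-good copies from removable media, consolidate the output) can be sketched as follows. This is an added example, not MIR-ROR's own code and not part of the original post; the drive letter, folder names and manifest layout are assumptions.

```powershell
# Added example (hypothetical collector, not MIR-ROR itself).
param(
    # Assumption: read-only media holding known-good copies that run on this Windows version.
    [string]$ToolDir = 'E:\trusted-bin',
    # Assumption: writable case folder kept off the suspect system's disk.
    [string]$OutDir  = "E:\cases\$($env:COMPUTERNAME)-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
)

# A subset of the built-in commands named in the post, with commonly used switches.
$commands = @(
    @{ Exe = 'ipconfig.exe';    Arguments = @('/all') },
    @{ Exe = 'arp.exe';         Arguments = @('-a') },
    @{ Exe = 'netstat.exe';     Arguments = @('-ano') },
    @{ Exe = 'nbtstat.exe';     Arguments = @('-n') },
    @{ Exe = 'systeminfo.exe';  Arguments = @() },
    @{ Exe = 'tasklist.exe';    Arguments = @('/v') },
    @{ Exe = 'driverquery.exe'; Arguments = @('/v') },
    @{ Exe = 'sc.exe';          Arguments = @('query') }
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$manifest = Join-Path $OutDir 'manifest.csv'

foreach ($c in $commands) {
    # Prefer the copy on trusted media; fall back to the local binary and record that fact.
    $exe    = Join-Path $ToolDir $c.Exe
    $source = 'trusted'
    if (-not (Test-Path -LiteralPath $exe)) {
        $exe    = Join-Path $env:SystemRoot "System32\$($c.Exe)"
        $source = 'system'
    }

    # One output file per tool, stdout and stderr together.
    $outFile = Join-Path $OutDir ($c.Exe -replace '\.exe$', '.txt')
    $argList = $c.Arguments
    & $exe @argList 2>&1 | Out-File -FilePath $outFile -Encoding utf8

    # Hash the binary that actually ran and its output, so both can be checked later.
    [pscustomobject]@{
        Tool         = $c.Exe
        Source       = $source
        ToolSHA256   = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        OutputSHA256 = (Get-FileHash -LiteralPath $outFile -Algorithm SHA256).Hash
        CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
    } | Export-Csv -Path $manifest -Append -NoTypeInformation
}
```

The `Source` and `ToolSHA256` columns let an analyst see afterwards which outputs came from a local binary rather than the trusted copy, and compare each binary's hash against a reference.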

    • #24704
      BillV
      Participant

      Sounds pretty interesting, will have to check it out.

      Or, you could create a Windows LiveCD to run it from 🙂

    • #24705
      Jhaddix
      Participant

      This is really good…. nice find, going on my IR usb stick

    • #24706
      UNIX
      Participant

      Thanks for sharing this information, haven’t heard of MIR-ROR before. I guess this is another program which comes on my to-test-list.


Copyright ©2020 Caendra, Inc.
