Robert Hensing posted a very interesting article with details of the procedure he and the incident response team used to track down a modified WINLOGON.EXE backdoor. [Update 02/25/2005] Sysinternals just released a tool to detect rootkits, RootkitRevealer, that can be VERY helpful in this process. BTW, new post from Robert Hensing on rootkits ......
Steve Riley (MS SBTU Senior PM) posted his security presentations on the official site. Update [2005.03.22] The book Protect Your Windows Network by Steve Riley and Jesper M. Johansson is available for pre-order ......
I've changed the design (thanks to gosatango and Jeff Julian) and added search abilities to my blog (thanks to David Cumps).
Microsoft released the first versions of its Virus Removal Tool (codename TITAN, also available for download with docs in KB890830 and KB891716) and AntiSpyware Tool [via Michael Howard] (beta, so it still has problems with security), built on technologies from the acquired firms GeCAD and GIANT. I've been running with limited rights for the last year (after reading Larry's posts ;-) so the tools didn't find real problems (only WinPCap and similar items from the security tools collection), but one of my coworkers found interesting ......