So i'm working on some project to find malware in my network.Trying to automate autoruns(sysinternals) in order to find anomalies or changes in startup on workstations.to do so i want to make daily reports for multiple workstations each day and check for changes for previous reports(finding differences). So i need couple of advices: 1.Should i remote execute the script with psexec(sysinternals)? it seems way to risky with high priviliged account .. is there any other way? 2.Any working software for finding diffrence in report(xml, csv, or just text)(easy to use-free and windows) I have already tried to make it using c but it is too much effort.should i write it in python or other language like c#...
Automating autoruns-psexec or not
538 Views Asked by Chechik At
1
There are 1 best solutions below
Related Questions in PYTHON
- new thread blocks main thread
- Extracting viewCount & SubscriberCount from YouTube API V3 for a given channel, where channelID does not equal userID
- Display images on Django Template Site
- Difference between list() and dict() with generators
- How can I serialize a numpy array while preserving matrix dimensions?
- Protractor did not run properly when using browser.wait, msg: "Wait timed out after XXXms"
- Why is my program adding int as string (4+7 = 47)?
- store numpy array in mysql
- how to omit the less frequent words from a dictionary in python?
- Update a text file with ( new words+ \n ) after the words is appended into a list
- python how to write list of lists to file
- Removing URL features from tokens in NLTK
- Optimizing for Social Leaderboards
- Python : Get size of string in bytes
- What is the code of the sorted function?
Related Questions in SCRIPTING
- Using arrow keys to rotate an object
- bash functions returns "command not found"
- Calling javascript file from html file doesn't work at all
- Detecting corrupt characters in UTF-8 encoded text file
- Can I automate auto-app installation on my Android device?
- iMacros website form dropdown menu
- How to use multiple classes in multiple files in scripts?
- mIRC: Check if INI-file has a key
- Cannot open: c:\users\...\temp\package.cab when running Process.Start
- Using Gawk and Printf in a Bash script
- How can I edit a binary file under Windows by scripting
- interpreting a script through F#
- NET USE command to connect to a shared folder on local LAN
- Script to get List of logged in users
- find the lines where sequence/sorting is broken in linux
Related Questions in PSEXEC
- PsExec returning "the system cannot find the file specified"
- PsExec fails to open the stdin, stdout and stderr named pipes
- c# psexec response get params
- Powershell and PSExec
- Batch for loop in psexec command
- PSexec error trying to scan subnet
- copy with PSEXEC hangs some times in batch execution
- php -> shell_exec() -> psexec -> my executable chain fails
- Can't force psexec to use the given user account
- remote svn update on server farm
- Wait for PsExec calling cmd /c to finish in PowerShell
- permissions looping through wrong folder using psexec
- PSExec and secure passwords
- How do I edit text remotely in Windows
- Using Psexec to run remote script still allows other users to log into remote system
Related Questions in AUTOSTART
- how to add video player in mvc4 which supports .wmv, .3gp, .avi and different other formats
- Java move application to startup folder
- Android ViewFlipper animating only the first URL image
- Auto-Start MySQL on OSX 10.10 Yosemite
- Why won't Openbox autostart launch some programs?
- Android - Auto starting an activity after some duration
- How can I get my Stardog service to autostart in azure ubuntu VM?
- Start windows service on install without setup project
- How to Auto Call My Method In Time Period Without Running any WebPage in my application in ASP.net C#?
- On Bluetooth reception complete auto start exe
- Objective-C NSTimer after autostart application
- Problems with autostratup tomcat
- How to pass value from BroadcastReceiver to main activity
- Windows 8 auto start a program before user login
- How to check AutoStart option is already on for my App in Xiaomi phone Security App programmatically in android
Related Questions in SYSINTERNALS
- "An error occurred opening snapshot" Process Monitor
- Start WPF Application with RunAs Prompt
- DLLs reloaded to their preferred address
- listdll doesn't see assemblies loaded
- Getting started with dump file analysis
- Sysinternals Process Monitor (ProcMon): Using wildcards on filter
- Sysinternals Process Monitor (ProcMon): Working with Time of Day Filter
- What is the recommended approach to solve outlook addin hanging?
- PsExec hangs on calling the interactive executable
- Automating autoruns-psexec or not
- What does Windows IOCTL code 0x83350048 do?
- Call Process.GetProcesses by specifying/impersonating another account?
- windows-kernel - Can a thread id ever be the same as a process id?
- WinDbg find all C++ objects of type X on heap that do not use inheritance (no vftable)
- Convert a Cygwin PID to a Windows PID
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I would use silentrunners.org to create daily snapshots. Then you could compare those and should something change flag that system for further review. Windows has FC which
Compares two files or sets of files and displays the differences between them