Thread: Sandboxing
February 28, 2013, 12:57 PM
BrainEater

Ok, so I'll update and explain further.

We have IT, the steps are ongoing. We've reported to the authorities. Beer flows.

----

This is about pounding an 'effing coffin nail into some dumb shit that needs it.

Here's what I know (or think I know).

The Mac is the source. It had Vuze, as well as the possibility of someone just clicking the wrong link.

From what I understand, it went from said Mac (not on the domain) into computers on the domain.

After that they appear to have access to everything, they encrypted the server HDDs.

It looks like a total compromise to me... rootkits etc... but I don't know, I'm trying to find out what paranoia level to escalate to.

So I've got that Mac, and it was not cleaned from what I know... so I'm going to run it in a closed environment and see what pops up...

-----

Back to the original question... Imma run Snort on the sandbox router, and SolarWinds elsewhere... any advice on other stuff? I'm going to run all the anti-malware/virus usuals... HijackThis etc...


Last edited by BrainEater; February 28, 2013 at 01:21 PM.