Published on August 22nd, 2016 | by MaxiSoler


LOG-MD v1.0 Log Malicious Discovery tool

LOG-MD is the LOG and Malicious Discovery utility for Windows systems.

LOG-MD can be used by auditors to assess a system's audit configuration, by IT and InfoSec to know what and where to configure audit policy settings, and by Incident Responders and Forensic investigators to examine a suspect system. LOG-MD is also useful for Malware Analysts and labs that evaluate malware behavior and harvest the resulting artifacts to improve defenses and create alerts for known malicious activity.

LOG-MD performs the following functions:

1. Checks a system's Advanced Audit Policy (logging) for compliance with the ‘Windows Logging Cheat Sheet’, CIS Benchmarks, US-GCB, and AU-ACSC standards.

2. Creates a report of missing or improper settings for compliance, auditors, IT, InfoSec, and Incident Response professionals. The report provides all the details needed to properly configure the Advanced Audit Policy and additional tweaks to enhance Windows logging to catch malicious activity.

3. Once a system is properly configured, LOG-MD harvests security-related log events into over 10 reports (.csv & .txt) so the user can quickly look at the data for malicious activity.

4. Hashes a single file, a directory, or an entire file system.

5. Creates full file system SHA-256 hash baselines that can be compared to suspect systems, eliminating the good to help find the bad.

6. Creates full registry baselines that can be compared to suspect systems, eliminating the good to help find the bad.

7. Searches the registry for LARGE registry keys and special malicious settings, such as null value names, where malware payloads and scripts could be hidden.

8. Several white-lists are available to filter out known good items so the results contain less noise.
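
The baseline comparison in item 5 can be sketched as follows. This is an added example, not LOG-MD's own code or report format; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> SHA-256 for every readable file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                baseline[os.path.relpath(full, root)] = sha256_file(full)
            except OSError:
                continue  # locked/unreadable: not hashed, so a blind spot
    return baseline

def compare(baseline, suspect):
    """Drop every suspect file whose hash exists on the clean system."""
    known_good = set(baseline.values())
    report = {"new": [], "changed": [], "missing": []}
    for path, digest in sorted(suspect.items()):
        if digest in known_good:
            continue  # same content as a clean file, even if renamed or copied
        report["changed" if path in baseline else "new"].append(path)
    report["missing"] = sorted(set(baseline) - set(suspect))
    return report

def demo():
    """Constructed sample trees standing in for a clean and a suspect host."""
    clean = {"app.exe": b"v1", "lib.dll": b"lib", "notes.txt": b"n"}
    suspect = {"app.exe": b"v1-patched", "lib.dll": b"lib",
               "copy_of_lib.dll": b"lib", "dropper.exe": b"payload"}
    with tempfile.TemporaryDirectory() as c, tempfile.TemporaryDirectory() as s:
        for root, files in ((c, clean), (s, suspect)):
            for name, data in files.items():
                with open(os.path.join(root, name), "wb") as f:
                    f.write(data)
        return compare(build_baseline(c), build_baseline(s))

if __name__ == "__main__":
    print(demo())
```

Matching on hash rather than path is what removes the renamed copy of a clean file from the results; the comparison is only as trustworthy as the system the baseline was taken from.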



Thanks to Michael Gough for sharing this tool with us.
