Hey guys i am the captain of my high schools cyberpatriots team. we currently are in the platinum round Regional competition and we need some advanced tools/tips on what we should be doing.
Some of the things im looking into is remote registry and LanMan.
Are there any free/opensource tools we can boot from that will help?
What are some tools we should be using to detect backdoors and security issues? We currently use some AV's like spybot and malwarebytes, Glary Utilites, and the SysInternals Suite (Though we dont know really how to use it).
We are have dabbled in Group Policy and some powershell.
We also are using chocolatey and powershell to do some scripting. Any useful commands you can recommend we use?
a vm is given to us loaded with tons of backdoors and viruses and we have to clean it and make it secure. we run vmware workstation and we have decent computers (i7's, 8GB of RAM, ECT)
Yeah, if there's no restriction. Recover data from the hdd into a quarantined area and destroy the VM is the answer if its completely compromised.
If you cant delete the vm and must "clean" it for some other goal. Disable its networking, segragate it from everything else, never allow it to connect to a network. Then attempt to clean and recover. But never let it connect to a network again.
If you have to have it connected to a network "because" (isnt that what they always say?) Put a firewall in front of it and block all traffic to and from except for what you've explicitly tested.