Resources For IT Professionals
Post an article
Wikis - Page Details
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  IR Playbook Web defacement

IR Playbook Web defacement

IR Playbook Web defacement

If you are working with CSS Security they can assist with data gathering and analysis

Web Defacement can be broken down into 2 categories.

  • Data on the file system was modified
    • WEBDAV permissions issues
    • FPSE permissions issues
    • Files modified via FTP
    • Files modified via SMB
    • Files modified interactively on the system either via local/RDP/Other logged on user
  • Data in a database that sources the web site was modified
    • This is typically due to SQL Injection

Data gathering

  • All Event Logs
  • All IIS logs (this includes FTP and logs for all Web Sites within IIS)
  • A complete dump of the file system metatadata ie file names along with date created/date modified/date accessed
  • When was the defacement first seen
  • Is this affecting a single web site or multiple web sites
  • If multiple sites are they on the same system
  • What are the characteristics of the defacement, i.e. was the whole page replaced, was a portion of content on the page replaced, was only content that is sourced from a backend database modified?

Data Analysis

 

 

, , [Edit tags]
Leave a Comment
  • Please add 4 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 10 Sep 2013 1:16 PM

    Maheshkumar S Tiwari edited Revision 1. Comment: Added tags

Page 1 of 1 (1 items)