SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System
This post on the SANS handlers log has some really useful information about the use of netstat to detect connection information on Windows boxes, with some features that I wasn't aware of.
It also put me on to something else that I've been woefully ignorant of: wmic.
This looks like a really handy command-line tool for getting information out of Windows boxes. From what I can see so far, there's a load of interesting information that you can get from it. To get started, just type "wmic" from a command prompt, then type /? for a list of "aliases" that wmic uses for information retrieval.
Some of the commands I've found so far which seem handy are "process list brief" and "nicconfig list brief", but you can use the /? switch after anything to get some useful help about options...
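
An added example, not part of the original post: a small Python script that joins saved netstat output with a wmic process listing on PID, so each connection shows its owning process. It assumes the outputs came from `netstat -ano` and `wmic process get Name,ProcessId /format:csv` (command forms chosen for this example, not taken from the post); the sample data and host name are constructed.

```python
import csv
import io

# Constructed sample output (not captured from a real host).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1500
"""
WMIC_CSV = """\

Node,Name,ProcessId
WS01,svchost.exe,892
WS01,chrome.exe,1500
"""

def parse_processes(text):
    """Map PID -> process name from wmic CSV output (leading blank line stripped)."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {int(r["ProcessId"]): r["Name"] for r in rows if r.get("ProcessId")}

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, header and blank lines
        state = f[3] if len(f) == 5 else ""
        yield {"proto": f[0], "local": f[1], "remote": f[2],
               "state": state, "pid": int(f[-1])}

def connections_with_owner(netstat_text, wmic_text):
    """Attach the owning process name to each connection; unknown PIDs are flagged."""
    names = parse_processes(wmic_text)
    out = []
    for c in parse_netstat(netstat_text):
        c["process"] = names.get(c["pid"], "<not in process list>")
        out.append(c)
    return out

if __name__ == "__main__":
    for c in connections_with_owner(NETSTAT, WMIC_CSV):
        print(f'{c["proto"]:4} {c["local"]:22} {c["remote"]:22} '
              f'{c["state"]:12} {c["pid"]:>6} {c["process"]}')
```

A connection whose PID is missing from the process listing (PID 4321 in the sample) usually means the process exited between the two captures, and is worth a second look during triage.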


raesene

Security Geek, Kubernetes, Docker, Ruby, Hillwalking