I copied out, from a clean install of Win7, the ipconfig.exe and netstat.exe and their associated import .DLL files to an external "trusted folder".
When attached and from the trusted folder, when I run the "trusted ipconfig" all I get is a blank (empty) response. Same goes for running the "trusted netstat" -ano. However, if I run "trusted netstat" -rn, I get returned data. These were all run from a runas admin cmdshell.
Anyone have any luck with putting together a trusted binary folder for Win 7 Incident Response processes?
I guess I have never re-named my binaries. I just have them on a CD.
EDIT: Harlan/Keydet89 has an interesting take on Windows trusted shell.
Yea, I had read Harlan's post… good thoughts…
But for this particular exercise, has anyone been able to copy off and run ipconfig, arp or netstat from anywhere ELSE other than the local computer's system32 path on a Win7 machine?
bithead, you mentioned you have trusted binaries on a CD, is that for Win7 too?