TXHunter

Performs endpoint breach investigations remotely, hunting for all of the attack evidence without having to leave your desk

OVERVIEW

TXHunter provides an easy and convenient tool for conducting threat incident investigations remotely. If any endpoint system or server is suspected of having been attacked, TXHunter can simply take a snapshot of the suspicious system and automatically conduct an incident investigation. If the investigation process identifies suspicious files or URL links, it automatically launches TXSandbox for a behavior analysis.

Alternatively, it can optionally be deployed as a lightweight passive agent on the endpoint systems. Instead of sending your investigation staff to the remote site, TXHunter can perform a rapid and thorough investigation remotely, without anyone having to leave their desk. The system provides a detailed, full-view report of the attack profile.

HIGHLIGHTS

  • Supports ‘Just-in-Time’ hunting / snapshot analysis on remote systems
  • Optional support for continuous passive monitoring of target endpoint systems
  • Detects APT and back doors
  • Detects hidden processes and rootkits
  • Detects unusual network connections
  • Detects spyware and hidden downloaders
  • Detects zombies and unknown files
  • Detects misconfigurations
  • Uncovers past abnormal activities
  • Provides complete forensic reports
  • Utilizes an agent that self-removes when ‘hunting’ completes
  • Needs no field visits
  • Processes and analyzes with complete automation

DEPLOYMENT

  • Prepare a physical or VMware server with a minimum of 16 cores, 32 GB RAM, 2 TB HD and 1x 1 GbE NIC
  • Download the ISO image from TriagingX support
  • Install and configure the analyzer

OPERATIONS

  • Using admin credentials, remotely log in to the suspect computer
  • Launch an internet browser and download the TXHunter application from TXHunter’s server
  • Double-click the TXHunter application to launch the TXHunter instance
  • Sit back and wait for the investigation to complete
  • Depending on the complexity of the investigation, it usually completes in less than 15 minutes
  • Log in to TXHunter’s dashboard to view the final report
  • The report can also be generated in PDF format

SPECIFICATIONS

Target System :          Windows 7, 8, 10, 2008R2
Analyzer Server :        Physical or VMware server (ISO image contains CentOS 7.0)
Snapshot Data :          ~3 MB ‘Password Secured’ container, transmitted via the Windows Sockets API
3rd Party Intelligence : REST API
Report Format :          PDF