TXHunter

Performs Endpoint Breach Investigations remotely, hunting for all of the attack evidence without having to leave your desk

OVERVIEW

TXHunter is a tool for conducting threat incident investigations remotely. If an endpoint or server is suspected of having been attacked, TXHunter takes a snapshot of the suspect system and automatically conducts an incident investigation. If the investigation identifies suspicious files or URL links, it automatically submits them to TXSandbox for behavior analysis.

It can also be deployed as a lightweight passive agent on endpoint systems. Instead of sending investigation staff to the remote site, TXHunter performs a rapid and thorough investigation remotely, without anyone having to leave their desk, and produces a detailed report of the attack profile.

HIGHLIGHTS

  • Supports ‘just-in-time’ hunting / snapshot analysis on remote systems
  • Optional support for continuous passive monitoring of target endpoint systems
  • Detects APT activity and backdoors
  • Detects hidden processes and rootkits
  • Detects unusual network connections
  • Detects spyware and hidden downloaders
  • Detects zombies and unknown files
  • Detects misconfigurations
  • Uncovers past abnormal activities
  • Provides complete forensic reports
  • No permanent agent needs to be installed
  • No field visit needed
  • Completely automated

DEPLOYMENT

  • Prepare a physical or VMware server with a minimum of 16 cores, 32 GB RAM, 2 TB disk and one 1 GbE NIC
  • Download the ISO image from TriagingX support
  • Install and configure the analyzer

OPERATIONS

  • Using admin credentials, remotely log in to the suspect computer
  • Launch a web browser and download the hunter application from the TXHunter server
  • Double-click the hunter application to launch the TXHunter instance
  • Sit back and wait for the investigation to complete
  • Depending on the complexity of the investigation, it usually completes in less than 15 minutes
  • Log in to the TXHunter dashboard to view the final report
  • The report can also be exported in PDF format

Two points an investigator should keep in mind when following these steps. First, the hunter application is downloaded to and executed on the suspect host, so the download, the new file and the process launch leave their own artifacts (for example a browser download record and a prefetch entry); note the exact time the collector was run so those artifacts can be excluded from the timeline. Second, an interactive administrative logon to a host that may already be compromised exposes those credentials to whatever is running there; use a dedicated investigation account rather than a domain-wide admin account, and reset it afterwards.
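The download-verify-run portion of the procedure above, written out as a PowerShell script an investigator could paste into the remote session. This is an added example, not TXHunter's own code or documentation: the server URL, the file name and the expected SHA-256 value are hypothetical placeholders that would be replaced with the values published by your own analyzer, and the run log it writes is this example's addition, not a TXHunter feature.

```powershell
# Added example (not part of TXHunter): fetch the hunter executable, verify it
# before running it with admin rights, run it, and record exactly when it ran
# so its own footprint on the suspect host can be separated from the attacker's.
# $HunterUrl, the file name and $ExpectedSha256 are hypothetical placeholders.
$HunterUrl      = 'https://txhunter.example.internal/hunter.exe'  # hypothetical
$ExpectedSha256 = 'REPLACE_WITH_THE_HASH_PUBLISHED_BY_YOUR_ANALYZER' # hypothetical
$WorkDir        = Join-Path $env:TEMP 'txhunter'
$Exe            = Join-Path $WorkDir 'hunter.exe'
$RunLog         = Join-Path $WorkDir 'hunter-run.log'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Only fetch over HTTPS: a plain-HTTP download onto a host that may already be
# compromised could be tampered with in transit.
if ($HunterUrl -notmatch '^https://') {
    throw "Refusing non-HTTPS download URL: $HunterUrl"
}
Invoke-WebRequest -Uri $HunterUrl -OutFile $Exe -UseBasicParsing

# Verify the binary against the hash the analyzer published before executing it.
$actual = (Get-FileHash -Path $Exe -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -Path $Exe -Force
    throw "Hash mismatch for ${Exe}: got $actual, expected $ExpectedSha256"
}

# Record start time, host and user so the analyst can exclude the collector's
# own artifacts (new file, prefetch entry, process events) from the timeline.
$start = [DateTime]::UtcNow
"$($start.ToString('o')) START $Exe sha256=$actual host=$env:COMPUTERNAME user=$env:USERNAME" |
    Out-File -FilePath $RunLog -Append

$proc = Start-Process -FilePath $Exe -Wait -PassThru
$end  = [DateTime]::UtcNow
"$($end.ToString('o')) END exit=$($proc.ExitCode) elapsed=$(($end - $start).TotalMinutes.ToString('F1'))min" |
    Out-File -FilePath $RunLog -Append

if ($proc.ExitCode -ne 0) {
    Write-Warning "hunter exited with code $($proc.ExitCode); confirm on the TXHunter dashboard that the snapshot was received before trusting it"
}
```

Get-FileHash and Invoke-WebRequest need PowerShell 4 or later, which is worth checking first on the Windows 7 and Server 2008 R2 targets the product lists; on older builds, certutil -hashfile gives the same SHA-256 check.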

SPECIFICATIONS

Target System :           Windows 7, 8, 10, Server 2008 R2
Analyzer Server :         Physical or VMware server (ISO image contains CentOS 7.0)
Snapshot Data :           ~3 MB ‘password secured’ container, transmitted via the Windows Sockets API (the page does not state which encryption, if any, protects the container or the transport; confirm this with TriagingX before sending snapshots across untrusted networks)
3rd Party Intelligence :  REST API
Report Format :           PDF