Select Page

A blogger named Dave Kleiman on the SANS blog site just shared a very cool technique for cataloging all the USB devices plugged into a network.

Dave said on the blog that he used Microsoft’s Log Parser (link here) to collect standard registry keys:

HKLMSYSTEMControlSet001EnumUSBSTOR
HKLMSYSTEMControlSet001EnumUSB
HKLMSYSTEMMountedDevices
HKLMSYSTEMControlSet001ControlDeviceClasses{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Log Parser allows an operator to run scripts, which in his case, allowed him to retrieve the registry keys and the host name for each as well as other information.

Blog post here.

Thanks for the tip Alex.

— Tom Kelchner


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34