CyberSensor


Instructions for trying out the CyberSensor demo
================================================

. Make sure that you have Windows NT 4.0 on your machine.
. Copy and unzip the attached .ZIP file in some directory 
  on your harddrive.
. Run CyberSensor.Exe

Conventions
===========

The machine on which you running CyberSensor.Exe is termed as "Source
Machine" and the machine which you want to spy is termed as 
"Target Machine". In case of single machine demo, both "Source
Machine" and "Target Machine" are same.

Single machine demo
===================

1. Make sure that you are logged in as administrator on the "Source
   Machine". You can verify this by starting programs such as 
   windisk. Windisk will run without any "access denied" errors if
   you are administrator.

2. From the CyberSensor machine list, select the same machine on which
   you are running CyberSensor.

3. Select the appropriate agent from the agents list box. Select
   the process you want to spy on from process list box. You can
   skip selecting process if you want to spy system wide.

4. Click the Start Agent icon/menu item. Look at your spy agent
   selection and Click "Start Spy".

5. After successful installation of spy, you will get one window
   which will show the spy specific activity.

6. Perform any spy specific activity on the machine e.g If you
   have selected process spy then start and stop some processes
   on the target machine. 

Multi-machine demo
==================

1. Make sure that you have administrator privilege on the "Target
   Machine". You can verify this by connecting to C$ admin share.

   e.g If "Source Machine" named "A" and the "Target Machine" is
   named "B". Run the following command on "Source Machine"

   net use \\B\C$
   
   If this command succeeds, then you have admin privilege on the
   target.

   Note:
   If both the "Source Machine" and "Target Machine" belongs to
   same domain say CYBERDOM and you are logged in as user X on 
   machine "A" then make sure that "CYBERDOM\X" belongs to local
   administrator group of machine "B". This can be done as follows.
   Logon to machine "B" as local administrator, run musrmgr.exe
   select "Administrators" group. You should see "CYBERDOM\X"
   belonging to this group. If not, then add the user to local
   administrator group by selecting from the user list.
   If you are logged in as Domain administrator on machine "A",
   then make sure that "Domain Admins" group belongs to local 
   administrator group of machine "B"
   
   If both the "Source Machine" and "Target Machine" are peer
   i.e not belonging to same domain, then make sure that you have
   an account with same name and password on both the machines
   and this account is belonging to local administrator group of
   the "Target Machine".

2. Rest of the steps i.e 2 to 6 are same as single machine demo.

Comments
========

. There are two spy agents provided along with this demo.

  ProcessSpy - Monitors execution of processes. Shows total CPU
  time, user time and kernel time spent by process.
  RegSpy - Monitors registry activity e.g Registry key/value 
  creations/deletion/modification etc.

. For ProcessSpy agent, you need to have PSAPI.DLL in your windows
  system directory, otherwise the agent will not show the executable
  names. It will show "Unknown" process name. PSAPI.DLL is present
  in the attached .ZIP file.

. When starting spy agent, you might get "Failed to start service"
  message. Please try again in this case.

MegaSecurity