Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Abusing Windows 7 Recovery Process

From: Valdis.Kletnieks () vt edu
Date: Sat, 13 Jul 2013 13:52:23 -0400
On Sat, 13 Jul 2013 13:23:18 +0200, Alex said:

This one is a classic, but it will fail integrity checks of 
tripwire/ossec/whatever you use.


What percent of systems actually do this?

On Sat, 13 Jul 2013 14:19:19 +0200, Alex said:

And trigger automated incident/alarm

Trigger the automated alarm from the tripwire program you just axed?

Much more likely is some monitoring system like Big Brother or Zabbix
alerting that the system has been rebooted.  And again, the vast majority
of systems don't have this sort of monitoring.

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: