PaulDotCom mailing list archives

Kon-Boot on a USB


From: gbugbear at gmail.com (Tim Mugherini)
Date: Tue, 7 Jul 2009 16:25:38 -0400

Does Checkpoint with that option overwrite the NT boot loader the way
PGP and TrueCrypt do?

On 7/7/09, Dr Adapter <dradapter at gmail.com> wrote:
Hello

It appears that this works against Checkpoint FDE with WIL (windows
integrated logon) enabled. I was hoping that the Pre-boot process of
Checkpoint FDE would have wiped out whatever kon-boot was doing in memory
but it appears that it doesn't and allows the kernel patch to go ahead.
Using the pre-boot authentication mode does prevent it if you don't have an
account to access the decryption keys.

I agree with Mick that this makes an amazing demo...especially when people
make the trade off between usability and security.

D





---------- Forwarded message ----------
From: Michael Douglas <mick at pauldotcom.com>
To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com>
Date: Tue, 07 Jul 2009 09:17:21 -0400
Subject: Re: [Pauldotcom] Kon-Boot on a USB
KON can't do it all, and hard disk crypto seems to be the one thing
that stops this fun little tool cold.  I think from a white hat
perspective, it makes for an amazing demo of why FDE is needed.


I'll be at DEFCON tho! :D
not that anyone cares ;)

BS! we care!  :-) be sure to look us up!
- Mick


On Mon, Jul 6, 2009 at 11:44 PM, John Navarro<jnavtx at gmail.com> wrote:
That was one of the reasons I wanted to test Kon-boot, however I couldn't
take it too far since I was testing it on a work laptop to see if I could
defeat the partial disk encryption (with permission of course!). Of course I
could dump everything from Linux anyways, but still couldn't gain access to
the one encrypted drive :(

I'll be at DEFCON tho! :D
not that anyone cares ;)

On Mon, Jul 6, 2009 at 7:13 PM, Robin Wood <dninja at gmail.com> wrote:

2009/7/7 Adrian Crenshaw <irongeek at irongeek.com>:
Ok, tested a few things on my Vista 32 box:

1. Can't access network resources (prompted for password), but that's
   expected.
2. I can dump the real password hashes.
3. EFS is not bypassed.
4. Could change my password, but had to use MMC because the default user
   accounts interface was confused.
5. Rebooted into normal mode, logged in with new password but still could
   not get to the EFS files.
6. Changed password back, logged in/out and then could get to my EFS file.

That would be because the EFS couldn't be decrypted when you first
logged in so changing the password on it wasn't possible.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com






-- 
Sent from my mobile device

