PaulDotCom mailing list archives

U3 enabled device


From: arch3angel at gmail.com (Robert Miller)
Date: Mon, 23 Nov 2009 15:44:37 -0500

I have actually used this variant of the U3 payload to check systems 
suspected of being infected.  I also modified it to take live running 
memory images using Memory DD ( http://www.mantech.com/msma/MDD.asp ) by 
adding the file and editing the vbscript.

Butturini, Russell wrote:
So I think Gonz0r's site has been down for quite a while.  You do need a different version of the U3 universal 
customizer to work on Vista.  Also, one of the issues with the original payload is about 95% of the tools on it are 
snared by AV.  Of course the benefit of having them loaded on the U3 side is that antivirus can't erase the files.  

Check here for some update information.  The U3 solution presented here is a different concept than attack, but you 
should be able to take the information and create your own solution (once again I'm a shameless self-promoter):

http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade

I hope you share your work with all of us! Feel free to reach out to me if you have more questions.

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Bert 
Van Kets
Sent: Monday, November 23, 2009 4:15 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] U3 enabled device

Hi guys,

I got me a 2GB U3 enabled SanDisk Cruzer for 3? on Friday. :-D
I've been looking into turning this into a switchblade/hacksaw but the
info I find - mostly on Hak5 of course - is more than three years old.
I have a copy of the Universal Customizer version 1.0.0.8 with the
included payload. I can not find any info on the real content of the
payload, nor on the way to actually use it (ex. where is the retrieved
data stored). Is there a better method, installer or payload?
Does anybody have an update on this?

Thanks.

Bert
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
