PaulDotCom mailing list archives

U3 enabled device


From: johnemiller at gmail.com (John Miller)
Date: Mon, 23 Nov 2009 18:16:21 -0600


U3 still works in most cases since it appears as a USB CD-ROM device.
As for go.bat being detected, I've had great luck using the standard
autorun and renaming my payload launchu3.exe. I generally use
executable payloads, so that probably wouldn't work with a batch file.


On Nov 23, 2009, at 2:48 PM, Tim Mugherini <gbugbear at gmail.com> wrote:

Thought U3 was not disabled by the MS update.

http://blogs.technet.com/srd/archive/2009/04/28/autorun-changes-in-windows-7.aspx


On Mon, Nov 23, 2009 at 3:18 PM, Butturini, Russell
<Russell.Butturini at healthways.com> wrote:
To a degree.  One thing that is great though is the fact that
everything is stored inside an ISO image, meaning AV can't wipe out
your toolsets, and it's harder for anyone to mess with the payload/tools
you have included.

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robert Portvliet
Sent: Monday, November 23, 2009 1:33 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] U3 enabled device

Didn't Microsoft disable autorun with an update a while back to
disable one of Conficker's attack vectors?

This would pretty much kill the usefulness of the U3 switchblades, right?



On Mon, Nov 23, 2009 at 12:17 PM, Butturini, Russell
<Russell.Butturini at healthways.com> wrote:
So I think Gonz0r's site has been down for quite a while.  You do  
need a different version of the U3 universal customizer to work on  
Vista.  Also, one of the issues with the original payload is about  
95% of the tools on it are snared by AV.  Of course the benefit of  
having them loaded on the U3 side is that antivirus can't erase  
the files.

Check here for some update information.  The U3 solution presented
here is a different concept than attack, but you should be able to
take the information and create your own solution (once again I'm a
shameless self-promoter):

http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade

I hope you share your work with all of us! Feel free to reach out  
to me if you have more questions.

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Bert Van Kets
Sent: Monday, November 23, 2009 4:15 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] U3 enabled device

Hi guys,

I got me a 2GB U3-enabled SanDisk Cruzer for 3? on Friday. :-D
I've been looking into turning this into a switchblade/hacksaw, but the
info I find - mostly on Hak5 of course - is more than three years old.
I have a copy of the Universal Customizer version 1.0.0.8 with the
included payload. I cannot find any info on the real content of the
payload, nor on the way to actually use it (e.g. where is the retrieved
data stored). Is there a better method, installer or payload?
Does anybody have an update on this?

Thanks.

Bert
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
