PaulDotCom mailing list archives

Bypassing Vontu

From: pj_mcgarvey at hotmail.com (PJ McGarvey)
Date: Thu, 22 Oct 2009 13:50:37 -0400


XOR it *twice*

 

;-)

Date: Thu, 22 Oct 2009 11:41:59 -0500
From: NSweaney at tulsacash.com
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Bypassing Vontu

No experience, but here's a few tactics to try.

* Boot to a live disk & copy files to USB.
* encrypt data with truecrypt before sending it out.
* Open data in your text editor & replace a few common characters with a symbol so that the data is somewhat garbled.
* upload data to a site using SSL encryption.
* Open data on screen & take pictures with your phone.
* Copy data in the notes section of your email contacts & then access from outside.
* paste data into an email & then save as a draft (but don't send.) then open draft from outside.
* print data to pdf & send out.
* open data on screen, take screen shots, and then email the screenshots.
* sync your phone with the computer & try to copy out. (not as a drive, as a synced folder on the phone).

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of 
Monkey Daemon
Sent: Thursday, October 22, 2009 10:45 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Bypassing Vontu

2009/10/22 Brian Schultz <theconqueror at gmail.com>:

Our security department is testing out Symantec's Vontu and I am playing the
guinea pig and have to try and get documents out of our company's
environment. I have a really basic understanding of how it works. It has a
span port sitting and listening to all outgoing web traffic and there is
also an agent that sits on desktops and watches to see if any sensitive
information leaves via USB drive or e-mail.

Does anyone have any whitepapers or info regarding how it actually works or
any tactics I should try?


Switch off the box, open the case and walk out with the disk in your
briefcase/laptop bag?

MWD

                                          
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091022/b29a2c09/attachment.htm

Current thread:

Bypassing Vontu Brian Schultz (Oct 22)
- Bypassing Vontu Monkey Daemon (Oct 22)
  - Bypassing Vontu James Costello (Oct 22)
  - Bypassing Vontu Michael Boyd (Oct 22)
  - Bypassing Vontu Jason Jones (Oct 22)
  - Bypassing Vontu Dan Baxter (Oct 22)
  - Bypassing Vontu Nathan Sweaney (Oct 22)
    - Bypassing Vontu PJ McGarvey (Oct 22)
  - Bypassing Vontu Michael Dickey (Oct 22)
- Bypassing Vontu Robin Wood (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Jim Halfpenny (Oct 22)
- Bypassing Vontu Ron Gula (Oct 22)
- Bypassing Vontu Raffi Jamgotchian (Oct 22)
- Bypassing Vontu Allen Deryke (Oct 22)
  - Bypassing Vontu John Strand (Oct 22)
- Bypassing Vontu xgermx (Oct 22)
  - Bypassing Vontu Chris Merkel (Oct 22)

(Thread continues...)