PaulDotCom mailing list archives
Bad Agent on encrypted disk
From: Grymoire <pauldotcom () grymoire com>
Date: Wed, 6 Oct 2010 08:19:16 -0400
I'm trying to think of a way to intercept the login process, and delete the bad file/program, so we can fix the systems.
I've been thinking about possible approaches.

* Set up a MITM system to intercept the network processes used to authenticate a user during the login step.
* U3 Switchblade
* HID-based attack. Perhaps some USB driver is vulnerable.

Windows also has some function keys that are active during the logon screen. At Blackhat, I was talking to Richard Rushing, who was experimenting with HIDs, and he said he showed someone at Microsoft that these keys caused a screen to pop up, even though the user was not logged in yet. They had to do with options for those with physical limitations. The person from Microsoft commented that this looked like a security issue (Irongeek - Note this).

Anyhow - I'm looking for hints on approaches, and more ideas....

- Grym

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com