PaulDotCom mailing list archives

Bad Agent on encrypted disk


From: Grymoire <pauldotcom () grymoire com>
Date: Wed, 6 Oct 2010 08:19:16 -0400


I'm trying to think of a way to intercept the login process,
and delete the bad file/program, so we can fix the systems.


I've been thinking about possible approaches.

 * Set up a MITM system to intercept the network processes used to
   authenticate a user during the login step.
 * U3 Switchblade
 * HID-based attack. Perhaps some USB driver is vulnerable.

Windows also has some function keys that are active during the logon
screen.  At Blackhat, I was talking to Richard Rushing who was
experimenting with HIDs, and he said he showed someone at Microsoft
that these keys caused a screen to pop up, even though the user was
not logged in yet. They had to do with options for those with
physical limitations. 

The person from Microsoft commented that this looked like a security
issue (Irongeek - Note this).

Anyhow - I'm looking for hints on approaches, and more ideas....

- Grym


