PaulDotCom mailing list archives
Re: Bad Agent on encrypted disk
From: Tyler Robinson <pcimpressions () gmail com>
Date: Wed, 6 Oct 2010 09:40:53 -0600
I recall a 2600 article about bypassing whole disk encryption: "Pwning Past Whole Disk Encryption - How to modify the init.img during Linux bootup to copy a shadow file or shell script for bypassing disk encryption", by m0untainrebel. I believe it was 2600 Magazine Volume 26, Number 4 (Winter 2009-2010). That may be the place to start, at least for data recovery, or who knows, you may have access to the agent from there.

TR (eXe)

On Wed, Oct 6, 2010 at 6:19 AM, Grymoire <pauldotcom () grymoire com> wrote:
I'm trying to think of a way to intercept the login process, and delete the bad file/program, so we can fix the systems. I've been thinking about possible approaches.

* Set up a MITM system to intercept the network processes used to authenticate a user during the login step.
* U3 Switchblade
* HID-based attack. Perhaps some USB driver is vulnerable.

Windows also has some function keys that are active during the logon screen. At Blackhat, I was talking to Richard Rushing, who was experimenting with HIDs, and he said he showed someone at Microsoft that these keys caused a screen to pop up, even though the user was not logged in yet. They had to do with options for those with physical limitations. The person from Microsoft commented that this looked like a security issue (Irongeek - Note this).

Anyhow - I'm looking for hints on approaches, and more ideas....

- Grym

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Tyler Robinson
Owner of Computer Impressions