Re: Bad Agent on encrypted disk

[Tyler Robinson <pcimpressions () gmail com>]

I recall a 2600 article about bypassing whole disk encrption;

Pwning Past Whole Disk Encryption - How to modify the init.img during Linux
bootup to copy a shadow file or shell script for bypassing disk encryption,
by by m0untainrebel

I beleive it was 2600 Magazine Volume 26, Number 4 (Winter 2009-2010)

That maybe the place to start at least for data recovery or who knows you
may have access to the agent from there.

TR (eXe)

On Wed, Oct 6, 2010 at 6:19 AM, Grymoire <pauldotcom () grymoire com> wrote:

> > I'm trying to think of a way to intercept the login process,
> > and delete the bad file/program, so we can fis the systems.
>
>
> I've been thinking about possible approaches.
>
>  * Set up a MITM system to intercept the network processes used to
>   authenticate a user during the login step.
>  * U3 Switchblade
>  * HID-based attack. Perhaps some USB driver is vulnerable.
>
> Windows also has some function keys that are active during the logon
> screen.  At Blackhat. I was talking to Richard Rushing who was
> experimenting with HIDs, and he said he showed someone at Microsoft
> that these keys caused a screen to pop-up, even though the user was
> not logged in yet. They had to do with options for those with
> physical limitations.
>
> The person from Microsoft commented that this looked like a security
> issue (Irongeek - Note this).
>
> Anyhow - I'm looking for hints on approaches, and more ideas....
>
> - Grym
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Tyler Robinson
Owner of Computer Impressions

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com