Re: How to check an Executive's notebook

[killy <killfactory () gmail com>]

Well said.

I just couldn't help it.

It looked like alot of fun.lol..   :)

On 8/16/06, Brad_Powell () amat com <Brad_Powell () amat com> wrote:
> Forgive me for butting in. I can understand the executives reluctance to
> hand over a laptop. In fact I'd be more worried if he/she did.
>
> Why not gather up your tools, sit down with him/her and have them run the
> tools under your supervision? You gain their confidence
> and can explain your finding as you go, while still demonstrating to the
> customer that you are keeping their information safe.
>
> I love the other techniques discussed, but honestly keeping the customer
> happy and safe will get you invited back.
>
> regards to all
>
> Brad Powell
>
>
> killy <killfactory () gmail com> wrote on 08/16/2006 08:20:23 AM:
>
>
> > Maybe use DD and pipe an image of the laptop across the wire to
> > another workstation using NetCat. :) while he is at lunch.
> >
> > Even easier would be to capture a physical memory image while he is on
> > the laptop. (using NetCat+DD again)
> > That might just amuse me. lol
> >
> > Follow him to his favorite Internet cafe and have much fun...lol.
> > Don't let him see you there.
> > Then when you get his email password off the wire (Cain and Able) you
> > can use it to connect to his C$ and let a message for him. God forbid
> > he uses the same password for everything.
> > He said no data could come off the laptop, but he said nothing about
> > putting anything on his laptop.
> >
> > another technique:
> > WMIC is a nice little tool native to windows. it can be used to
> > remotely gather information about a system.
> >
> > I saw a koo webcast @ sans regarding this technique. I think it was
> > called Command line Kung-fu or somehting like that.
> >
> > There are also some koo .pl scripts on Harlan Carvey's website. google
> him.
> >
> >
> >
> > On 8/5/06, itsec.info <itsec.info () gmail com> wrote:
> > > Hi
> > >
> > > I have a client who is a very high powered Executive and he asked
> > me to check
> > > his notebook regarding security etc.
> > > Actually this would be any easy task but he is not willing to hand over
> his
> > > notebook to me and I am not allowed to retrieve any data from it.
> > >
> > > Well how can you assess such a notebook and also the person's behaviour
> > > regarding security (e.g. reading his private email via smtp and the
> like)?
> > >
> > > The only idea I found so far is to re-direct the notebook's Internet
> traffic
> > > through a proxy and then I can examine this traffic and give him
> > some advice.
> > >
> > > Any other ideas are very welcomed.
> > >
> > > --
> > > Regards,
> > > Mike
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > This List Sponsored by: Cenzic
> > >
> > > Concerned about Web Application Security?
> > > Why not go with the #1 solution - Cenzic, the only one to win the
> Analyst's
> > > Choice Award from eWeek. As attacks through web applications
> > continue to rise,
> > > you need to proactively protect your applications from hackers.
> > Cenzic has the
> > > most comprehensive solutions to meet your application security
> penetration
> > > testing and vulnerability management needs. You have an option to go
> with a
> > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service
> can
> > > help you:
> http://www.cenzic.com/news_events/wpappsec.php
> > > And, now for a limited time we can do a FREE audit for you to confirm
> your
> > > results from other product. Contact us at request () cenzic com for
> details.
> > >
> >
> ------------------------------------------------------------------------------
> > >
> > >
> >
> >
> > --
> > If you spend more on coffee than on IT security, you will be hacked.
> > What's more, you deserve to be hacked.
> > -- former White House cybersecurity czar Richard Clarke
> >
> >
> ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> http://www.cenzic.com/products_services/download_hailstorm.php
> >
> ------------------------------------------------------------------------
>
>
> > Maybe use DD and pipe an image of the laptop across the wire to
> > another workstation using NetCat. :) while he is at lunch.
> >
> > Even easier would be to capture a physical memory image while he is on
> > the laptop. (using NetCat+DD again)
> > That might just amuse me. lol
> >
> > Follow him to his favorite Internet cafe and have much fun...lol.
> > Don't let him see you there.
> > Then when you get his email password off the wire (Cain and Able) you
> > can use it to connect to his C$ and let a message for him. God forbid
> > he uses the same password for everything.
> > He said no data could come off the laptop, but he said nothing about
> > putting anything on his laptop.
> >
> > another technique:
> > WMIC is a nice little tool native to windows. it can be used to
> > remotely gather information about a system.
> >
> > I saw a koo webcast @ sans regarding this technique. I think it was
> > called Command line Kung-fu or somehting like that.
> >
> > There are also some koo .pl scripts on Harlan Carvey's website. google
> him.
> >
> >
> >
> > On 8/5/06, itsec.info <itsec.info () gmail com> wrote:
> > > Hi
> > >
> > > I have a client who is a very high powered Executive and he asked
> > me to check
> > > his notebook regarding security etc.
> > > Actually this would be any easy task but he is not willing to hand over
> his
> > > notebook to me and I am not allowed to retrieve any data from it.
> > >
> > > Well how can you assess such a notebook and also the person's behaviour
> > > regarding security (e.g. reading his private email via smtp and the
> like)?
> > >
> > > The only idea I found so far is to re-direct the notebook's Internet
> traffic
> > > through a proxy and then I can examine this traffic and give him
> > some advice.
> > >
> > > Any other ideas are very welcomed.
> > >
> > > --
> > > Regards,
> > > Mike
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > This List Sponsored by: Cenzic
> > >
> > > Concerned about Web Application Security?
> > > Why not go with the #1 solution - Cenzic, the only one to win the
> Analyst's
> > > Choice Award from eWeek. As attacks through web applications
> > continue to rise,
> > > you need to proactively protect your applications from hackers.
> > Cenzic has the
> > > most comprehensive solutions to meet your application security
> penetration
> > > testing and vulnerability management needs. You have an option to go
> with a
> > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service
> can
> > > help you:
> http://www.cenzic.com/news_events/wpappsec.php
> > > And, now for a limited time we can do a FREE audit for you to confirm
> your
> > > results from other product. Contact us at request () cenzic com for
> details.
> > >
> >
> ------------------------------------------------------------------------------
> > >
> > >
> >
> >
> > --
> > If you spend more on coffee than on IT security, you will be hacked.
> > What's more, you deserve to be hacked.
> > -- former White House cybersecurity czar Richard Clarke
> >
> >
> ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> http://www.cenzic.com/products_services/download_hailstorm.php
> >
> ------------------------------------------------------------------------


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------