Penetration Testing mailing list archives
Re: Boot floppy
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 12 Apr 2007 09:44:25 -0400
Absolutely Chris. If they have Enterprise EnCase, they have complete control, IF it is a company PC, and IF they have a written policy of no expected privacy. Barring the Navy case that had a questionable ruling, I know of no other case that questioned the authority to do that with EnCase. I have not worked with V6 yet, but V5 has about all the capability I could ask for. Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA Information Security Officer Information Systems Security Columbia, MD infosysec () gmail com purdy () tecman com ------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chris Zevlas Sent: Wednesday, April 11, 2007 4:14 AM To: Shreyas Zare; Pen-Testing Subject: [lists] Re: Boot floppy How about you doing a remote image with Encase this way he will never know what you did. ----- Original Message ----- From: "Shreyas Zare" <shreyas () technitium com> To: "Pen-Testing" <pen-test () securityfocus com> Sent: Tuesday, April 10, 2007 10:48 PM Subject: Re: Boot floppyHi, Try using social engineering. Tell him you are given a job to patch all machines in the company for some security update then patch his machine with a good rootkit. You may give him the update(infected) inany CD or USB media so that he would install it himself. Or use any idea which will not look suspicious to the target. Regards, On 4/10/07, Mifa <mifa () stangercorp com> wrote:We have a user who takes a company computer home withthem (no its not alap top). We have a good reason to need to look at their files. However, we want to do so without that employ knowing.They seem to knowsomething about security becasue auto runs is disabled and the workstation is always locked with a third party software.INserting a U3drive will not run a program either. Are there anyprograms that willboot from a floppy then copy a program to the c drive thenwite an autostart entry into the registry? This was the only way Ican think of toget the user to install a program.. Any other ideas how we maight gain access? It has to befast (bathroombreaks ect). I dont have time to load a live cd. Further,robootingwould cause the user to loose work.-------------------------------------------------------------- ----------This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.http://www.cenzic.com/products_services/download_hailstorm.php ?camp=701600000008bOW-------------------------------------------------------------- ------------ (This e-mail was composed and sent completely usingrecycled electrons)Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Technitium Personal Computers We belive in quality. Visit http://pc.technitium.com for details.-------------------------------------------------------------- ----------This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.http://www.cenzic.com/products_services/download_hailstorm.php ?camp=701600000008bOW-------------------------------------------------------------- ------------------------------------------------------------------------ ---------- This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ?camp=701600000008bOW -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Boot floppy Mifa (Apr 10)
- Re: Boot floppy Clint P. Garrison MBA, CISSP, QSA (Apr 10)
- Re: Boot floppy Shreyas Zare (Apr 10)
- Re: Boot floppy jasper . o . waale (Apr 11)
- 答复: [SPAM] - Re: Boot floppy - Sending mail server found on relays.ordb.org Cony.Zhou (Apr 11)
- Re: Boot floppy Chris Zevlas (Apr 11)
- Re: Boot floppy Curt Purdy (Apr 13)
- Re: Boot floppy jasper . o . waale (Apr 11)
- Re: Boot floppy berg (Apr 10)
- Re: Boot floppy Zed Qyves (Apr 11)
- RE: Boot floppy Scott Ramsdell (Apr 11)
- Re: Boot floppy Tim (Apr 11)
- Re: Boot floppy Anders Thulin (Apr 11)
- RE: Boot floppy Marvin Simkin (Apr 11)
- RE: Boot floppy Pretorius, Wynand (ZA - Johannesburg) (Apr 11)
- Re: Boot floppy Sat Jagat Singh (Apr 11)
- Re: Boot floppy Danyelle Gragsone (Apr 11)
- Re: Boot floppy Jamie Riden (Apr 11)
(Thread continues...)