Penetration Testing mailing list archives

Re: Boot floppy

From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 12 Apr 2007 09:44:25 -0400

Absolutely Chris.  If they have Enterprise EnCase, they have complete
control, IF it is a company PC, and IF they have a written policy of no
expected privacy.  Barring the Navy case that had a questionable ruling, I
know of no other case that questioned the authority to do that with EnCase.
I have not worked with V6 yet, but V5 has about all the capability I could
ask for.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
Information Security Officer 
Information Systems Security
Columbia, MD
infosysec () gmail com
purdy () tecman com

-------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Chris Zevlas
Sent: Wednesday, April 11, 2007 4:14 AM
To: Shreyas Zare; Pen-Testing
Subject: [lists] Re: Boot floppy

How about you doing a remote image with Encase this way he 
will never know 
what you did.

----- Original Message ----- 
From: "Shreyas Zare" <shreyas () technitium com>
To: "Pen-Testing" <pen-test () securityfocus com>
Sent: Tuesday, April 10, 2007 10:48 PM
Subject: Re: Boot floppy

Hi,

Try using social engineering. Tell him you are given a job to patch
all machines in the company for some security update then patch his
machine with a good rootkit. You may give him the update

(infected) in

any CD or USB media so that he would install it himself. Or use any
idea which will not look suspicious to the target.

Regards,

On 4/10/07, Mifa <mifa () stangercorp com> wrote:

We have a user who takes a company  computer home with

them (no its not a

lap top).  We have a good reason to need to look at their files. 
However, we want to do so without that employ knowing.

They seem to know

something about security becasue auto runs is disabled and the 
workstation is always locked with a third party software.

INserting a U3

drive will not run a program either.  Are there any

programs that will

boot from a floppy then copy a program to the c drive then

wite an auto

start entry into the registry?  This was the only way I

can think of to

get the user to install a program..

Any other ideas how we maight gain access?  It has to be

fast (bathroom

breaks ect).  I dont have time to load a live cd. Further,

robooting

would cause the user to loose work.

--------------------------------------------------------------
----------

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php
?camp=701600000008bOW

--------------------------------------------------------------
----------




-- 
(This e-mail was composed and sent completely using

recycled electrons)


Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Technitium Personal Computers
We belive in quality.
Visit http://pc.technitium.com for details.

--------------------------------------------------------------
----------

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php
?camp=701600000008bOW

--------------------------------------------------------------
----------




--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php
?camp=701600000008bOW
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Boot floppy Mifa (Apr 10)
- Re: Boot floppy Clint P. Garrison MBA, CISSP, QSA (Apr 10)
- Re: Boot floppy Shreyas Zare (Apr 10)
  - Re: Boot floppy jasper . o . waale (Apr 11)
    - 答复: [SPAM] - Re: Boot floppy - Sending mail server found on relays.ordb.org Cony.Zhou (Apr 11)
  - Re: Boot floppy Chris Zevlas (Apr 11)
    - Re: Boot floppy Curt Purdy (Apr 13)
- Re: Boot floppy berg (Apr 10)
- Re: Boot floppy Zed Qyves (Apr 11)
  - RE: Boot floppy Scott Ramsdell (Apr 11)
  - Re: Boot floppy Tim (Apr 11)
- Re: Boot floppy Anders Thulin (Apr 11)
  - RE: Boot floppy Marvin Simkin (Apr 11)
  - RE: Boot floppy Pretorius, Wynand (ZA - Johannesburg) (Apr 11)
- Re: Boot floppy Sat Jagat Singh (Apr 11)
  - Re: Boot floppy Danyelle Gragsone (Apr 11)
- Re: Boot floppy Jamie Riden (Apr 11)

(Thread continues...)