Re: Boot floppy

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Fri Apr 13 2007 - 10:40:36 EDT


I don't think anyone's missing the statement -- people are just (in my mind
rightfully) suspicious of these types of scenarios where there are a million
other things that could be done that actually solve the problem. It's the
company's computer. They think this guy is stealing from them like someone
else already did. But, even though the OP's the administrator of a computer
his company owns, he has no access to it and the admin account is disabled,
and they can't get the guy to run a rootkit any other way. So they want to
figure out how to root the box without any boot tools, auto-runs, reboots,
or anything else while the guy is taking a whiz so they can see if he is
stealing intellectual property all because they are worried about hurting
his feelings. It just doesn't sound right.

Seize the box and perform forensics on it and be done with it. Then have a
set policy put in place to keep stupid things like that from happening
again.

t

----- Original Message -----
From: "Shreyas Zare" <shreyas@technitium.com>
To: "Pen-Testing" <pen-test@securityfocus.com>
Sent: Thursday, April 12, 2007 8:47 AM
Subject: Re: Boot floppy

> Hi,
>
> Almost everyone is missing Mifa's statement, which is, "Any other ideas
> how we might gain access? It has to be fast (bathroom breaks etc). I
> don't have time to load a live cd. Further, rebooting would cause the
> user to lose work."
>
> This means he has to do it quickly without rebooting the machine and
> no live CDs as rebooting would make the target suspicious of the act.
> So social engineering will work better in this case.
>
> If he has enough powers, he can trojan the machine as it's the company's
> property. And the target may be a real danger for the company's
> security, who knows?

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT