pen-test

Re: Boot floppy

To: "'Chris Zevlas'" <czevnow@cox.net>, "'Shreyas Zare'" <shreyas@technitium.com>, "'Pen-Testing'" <pen-test@securityfocus.com>
Subject: Re: Boot floppy
From: "Curt Purdy" <purdy@tecman.com>
Date: Thu, 12 Apr 2007 09:44:25 -0400
Absolutely Chris.  If they have Enterprise EnCase, they have complete
control, IF it is a company PC, and IF they have a written policy of no
expected privacy.  Barring the Navy case that had a questionable ruling, I
know of no other case that questioned the authority to do that with EnCase.
I have not worked with V6 yet, but V5 has about all the capability I could
ask for.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
Information Security Officer 
Information Systems Security
Columbia, MD
infosysec@gmail.com
purdy@tecman.com

-------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 
 

> -----Original Message-----
> From: listbounce@securityfocus.com 
> [mailto:listbounce@securityfocus.com] On Behalf Of Chris Zevlas
> Sent: Wednesday, April 11, 2007 4:14 AM
> To: Shreyas Zare; Pen-Testing
> Subject: [lists] Re: Boot floppy
> 
> How about you doing a remote image with EnCase, this way he will never
> know what you did.
> 
> ----- Original Message ----- 
> From: "Shreyas Zare" <shreyas@technitium.com>
> To: "Pen-Testing" <pen-test@securityfocus.com>
> Sent: Tuesday, April 10, 2007 10:48 PM
> Subject: Re: Boot floppy
> 
> 
> > Hi,
> >
> > Try using social engineering. Tell him you are given a job to patch
> > all machines in the company for some security update then patch his
> > machine with a good rootkit. You may give him the update (infected) in
> > any CD or USB media so that he would install it himself. Or use any
> > idea which will not look suspicious to the target.
> >
> > Regards,
> >
> > On 4/10/07, Mifa <mifa@stangercorp.com> wrote:
> >> We have a user who takes a company computer home with them (no, it's
> >> not a laptop). We have a good reason to need to look at their files.
> >> However, we want to do so without that employee knowing. They seem to
> >> know something about security because autorun is disabled and the
> >> workstation is always locked with a third party software. Inserting a
> >> U3 drive will not run a program either. Are there any programs that
> >> will boot from a floppy then copy a program to the C drive then write
> >> an auto start entry into the registry? This was the only way I can
> >> think of to get the user to install a program.
> >>
> >> Any other ideas how we might gain access? It has to be fast (bathroom
> >> breaks etc.). I don't have time to load a live CD. Further, rebooting
> >> would cause the user to lose work.
> >>
> >
> >
> >
> > -- 
> > (This e-mail was composed and sent completely using recycled electrons)
> >
> > Shreyas Zare
> > Co-Founder, Technitium
> > eMail: shreyas@technitium.com
> >
> > ..::< The Technitium Team >::..
> > Visit us at www.technitium.com
> > Contact us at theteam@technitium.com
> >
> > Technitium Personal Computers
> > We believe in quality.
> > Visit http://pc.technitium.com for details.