Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Posts posted by SomethingToChatWith

  1. Would anyone be kind enough to detail how to compile the cold-boot tool and key finders? Some of us that arent so great with this kind of stuff havent had any luck.

  2. ...and forget about closing all your windows and have it shutdown? That is the process in which I am talking about....

    ...Maybe if you would have read and tried it out you would have understood it...

    Ok, the force option isnt needed to close your apps. In addition you may shutdown your computer without closing your apps, granted any hanging apps would stop it until you ended it. Like you I was commenting, so maybe if you tried it you would understand it.

  3. I don't get what it is about storing data on these laptops that are getting stolen. If the files stay on a NAS at the office than it wouldn't matter. People are asking for trouble.

  4. Ok, the at command can be used by a limited account even in XP SP2. Don't believe me? Type "at /?" at the command prompt. You should see the help output for at. Now while you cant actually "use" the at command beyond viewing the help this is an ovbious giveaway. The task scheduler service still runs under the SYSTEM account. With any luck what I'm thinking is MS only patched the at command itself. Even a limited user can create tasks using the GUI.

    So what does this mean? I'm wondering if you can take a pre-sp2 XP version of the at command and use it? If MS only patched the at command stored on the local system whos to say you couldn't use an older version of at from say a flash drive...

    And yes digip, you're right on there. The way anything involving proccesses in Windows works is that child proccesses always get the amount of system access the parent proccess (in this case at running as the system account) has.

  5. I wonder if you could install a ram scrubbing utility on your bios, just as you could install the ram dumping utility?

    Ok, I just read thier whitepaper detailing the research. If you read through thier writeup from thier research you'll find a lot of machines can do memory scrubbing on power on (not power off like I thought). In order for the memory to get scrubbed, the common quick boot option inside the BIOS must be disabled or in some BIOSes a more intensive POST. With quick boot enabled, it skips that functionality to speed up boot of the system. There's still a chance to be successful though if the attacker can get the memory transfered over to another machine.

  6. Yeah unetbootin's only good for linux installs. It doesnt work for Windows (unless you specify bootmgr as the kernel? - havent tried it)...

    And I recommend grub4dos over just plain grub. Why? Well, grub4dos supports emulation of some floppy and iso images. I'm not sure if plain grub does that. Don't fiddle around with syslinux cause you can easily make a bootable grub/grub4dos disc.

  7. There are numerous bios cracking utilities that can be used to get around system passwords, and you can always clear the CMOS to default the bios.

    Thing is, a bios capable of system guarded passwords prevents you from even booting until you've entered it. So if you can boot from your little boot cd to clear the cmos than you could boot up the tool to dump the ram. Otherwise, the only way around it is taking the computer apart to reset at the CMOS or PWD jumpers or removing the CMOS battery. By the time you've done all that it would take too much time to acquire without stealing the system.

    What laptop do you have if I may ask? I do not know of any system that asks for for a decryption or system password before the bios screen appears.

    Have you looked inside a BIOS of a Dell computer? It allows you two different passwords. One being admin to prevent tampering of BIOS settings and the other system. With the system password set, the splash screen appears, but you won't be able to enter the BIOS or boot from a device until the system password has been entered (unless the user set it up to bypass prompting for the password on reboot).

  8. Another good way to protect against any sort of physical attack is to have your hard drive be the primary boot device in bios, then apply a password. This usually helps to protect against any sort of malicious boot disk or usb key, however I don't know how that effects the "press f12 to enter the boot menu."

    I would hope that that could be password protected as well, but I've never tested that before.

    If you were really paranoid about this attack, I wonder if you could install a ram scrubbing utility on your bios, just as you could install the ram dumping utility?

    Password or no password, F12 still applies unless you either:

    a.) Set a system password that must be entered to even use the system as in the case of digips laptop

    b.) Disable F12 in the BIOS and change the boot sequence with a password on the BIOS

    If the attacker wants to take your RAM the password for your BIOS/System won't matter or if they're smart take the whole system.

    As far as I know there's no scrubbing utilities at the BIOS level anyway. It would take longer to shut down your computer anyway so that would be a drawback to it.

    Great episode guys :)

  • Create New...