SomethingToChatWith

Posts posted by SomethingToChatWith

  1. Would anyone be kind enough to detail how to compile the cold-boot tool and key finders? Some of us that aren't so great with this kind of stuff haven't had any luck.

  2. ...and forget about closing all your windows and have it shut down? That is the process in which I am talking about....

    ...Maybe if you would have read and tried it out you would have understood it...

    Ok, the force option isn't needed to close your apps. In addition you may shut down your computer without closing your apps, granted any hanging apps would stop it until you ended it. Like you I was commenting, so maybe if you tried it you would understand it.

  3. I don't get what it is about storing data on these laptops that are getting stolen. If the files stay on a NAS at the office then it wouldn't matter. People are asking for trouble.

  4. Ok, the at command can be used by a limited account even in XP SP2. Don't believe me? Type "at /?" at the command prompt. You should see the help output for at. Now while you can't actually "use" the at command beyond viewing the help, this is an obvious giveaway. The task scheduler service still runs under the SYSTEM account. With any luck what I'm thinking is MS only patched the at command itself. Even a limited user can create tasks using the GUI.

    So what does this mean? I'm wondering if you can take a pre-SP2 XP version of the at command and use it? If MS only patched the at command stored on the local system, who's to say you couldn't use an older version of at from, say, a flash drive...

    And yes digip, you're right on there. The way anything involving processes in Windows works is that child processes always get the amount of system access the parent process (in this case at running as the system account) has.
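The defender's counterpart to the concern in the post above, as an added example that is not the poster's code: a PowerShell audit that lists every scheduled task whose principal is SYSTEM, who registered it, and whether its executable lives under an expected system directory (a binary on removable media or in a user-writable folder gets flagged). It assumes Windows 8 / Server 2012 or later, where the Get-ScheduledTask cmdlet exists (the XP-era at and schtasks tools the post discusses lack it), and an elevated prompt so every task folder is readable; the trusted-root list and the Flag wording are my own choices.

```powershell
# Added example (not from the forum post): enumerate scheduled tasks that run
# as SYSTEM and report author, executable and whether the executable sits
# under a trusted root. Assumes Windows 8 / Server 2012+ (Get-ScheduledTask)
# and an elevated session so all task folders are visible.

function Get-SystemTaskReport {
    [CmdletBinding()]
    param(
        # Directories treated as expected homes for a SYSTEM task's binary.
        # Anything else (removable drive, %TEMP%, a user profile) is flagged.
        [string[]]$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    # Names under which the SYSTEM principal shows up in task definitions.
    $systemIds = @('SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18')

    foreach ($task in Get-ScheduledTask) {
        $runAs = $task.Principal.UserId
        if (-not $runAs -or ($systemIds -notcontains $runAs)) { continue }

        foreach ($action in $task.Actions) {
            # Only ExecAction objects carry an Execute path; skip COM-handler actions.
            if (-not $action.Execute) { continue }

            # Expand %SystemRoot%-style variables and strip quotes so path checks work.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            $trusted = $false
            foreach ($root in $TrustedRoots) {
                if ($root -and $exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $trusted = $true
                    break
                }
            }

            # Author is self-reported metadata in the task XML, so treat it as a
            # hint about who registered the task, not as proof.
            [pscustomobject]@{
                TaskPath   = $task.TaskPath
                TaskName   = $task.TaskName
                RunAs      = $runAs
                RunLevel   = $task.Principal.RunLevel
                Author     = $task.Author
                Executable = $exe
                Arguments  = $action.Arguments
                Flag       = if ($trusted) { '' } else { 'binary outside trusted roots' }
            }
        }
    }
}

# Usage: flagged entries first, then everything else running as SYSTEM.
Get-SystemTaskReport | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Tasks that are not ExecAction-based (for example COM handler actions) are skipped rather than reported, so an empty report does not mean no SYSTEM tasks exist; the point of the check is to surface the ones whose executable a non-admin could plausibly have written.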

  5. I wonder if you could install a ram scrubbing utility on your bios, just as you could install the ram dumping utility?

    Ok, I just read their whitepaper detailing the research. If you read through their writeup from their research you'll find a lot of machines can do memory scrubbing on power on (not power off like I thought). In order for the memory to get scrubbed, the common quick boot option inside the BIOS must be disabled or in some BIOSes a more intensive POST. With quick boot enabled, it skips that functionality to speed up boot of the system. There's still a chance to be successful though if the attacker can get the memory transferred over to another machine.

  6. Yeah, unetbootin's only good for Linux installs. It doesn't work for Windows (unless you specify bootmgr as the kernel? - haven't tried it)...

    And I recommend grub4dos over just plain grub. Why? Well, grub4dos supports emulation of some floppy and ISO images. I'm not sure if plain grub does that. Don't fiddle around with syslinux because you can easily make a bootable grub/grub4dos disc.

  7. There are numerous bios cracking utilities that can be used to get around system passwords, and you can always clear the CMOS to default the bios.

    Thing is, a BIOS capable of system guarded passwords prevents you from even booting until you've entered it. So if you can boot from your little boot CD to clear the CMOS then you could boot up the tool to dump the RAM. Otherwise, the only way around it is taking the computer apart to reset at the CMOS or PWD jumpers or removing the CMOS battery. By the time you've done all that it would take too much time to acquire without stealing the system.

    What laptop do you have, if I may ask? I do not know of any system that asks for a decryption or system password before the BIOS screen appears.

    Have you looked inside a BIOS of a Dell computer? It allows you two different passwords. One being admin to prevent tampering of BIOS settings and the other system. With the system password set, the splash screen appears, but you won't be able to enter the BIOS or boot from a device until the system password has been entered (unless the user set it up to bypass prompting for the password on reboot).

  8. Another good way to protect against any sort of physical attack is to have your hard drive be the primary boot device in BIOS, then apply a password. This usually helps to protect against any sort of malicious boot disk or USB key, however I don't know how that affects the "press F12 to enter the boot menu."

    I would hope that that could be password protected as well, but I've never tested that before.

    If you were really paranoid about this attack, I wonder if you could install a ram scrubbing utility on your bios, just as you could install the ram dumping utility?

    Password or no password, F12 still applies unless you either:

    a.) Set a system password that must be entered to even use the system, as in the case of digip's laptop

    b.) Disable F12 in the BIOS and change the boot sequence with a password on the BIOS

    If the attacker wants to take your RAM the password for your BIOS/System won't matter or if they're smart take the whole system.

    As far as I know there's no scrubbing utilities at the BIOS level anyway. It would take longer to shut down your computer anyway so that would be a drawback to it.

    Great episode guys :)
