moonlit

Thanks for coming, g'night!

Pardon me?

No comment.

Good advice, I started with small menus when learning to code/script on the Amiga and Acorn Archimedes computers back in the day, taught me a lot :)

Seen it, didn't know whether to laugh or cry... ...fortunately I chose cry with laughter :p

.... .... .... ....

Members come free with good content ;) Edit: Dude... check your Hacks section...

err... I'm an MS kinda guy too though and while I like IE (because I'm lazy and it comes with Windows), its FTP support sucks royally so I use a seperate client for that :)

But if we're completely honest it shows you web pages, right? That's what it's supposed to do, that's what it does... and in general it tends to do it well... It's just the security that sucks...

Bet you wouldn't say that if mentioned IE ;)

Woo... go TKAF!

I don't know any exploits for Arachne, maybe we should move to that ;)

IIRC there's something in the format that makes writing to the FAT and TOC awkward or something, this is why it's a lot harder to edit iSOs than it is to create them from scratch... Unless you use packet writing software which works on real CDs but I don't really know much about how that works...

True but an AV killer is useful for stuff other than the Switchblade :)

It's not currently set up to kill BitDefender, I'm curious as to why it gets picked up... I guess it's likely the registry access... See the wiki for info on what it can kill so far...

ROFLMAO. ROH-FALL-MAH-OH! LMAO. ROFL. Oh, ow... oh god.... oh... lmao... oh man...

The lady doth protest too much, methinks...

heheh I figured however basic my programming is, it beats rendering your USB ports useless ;)

Here's a (very) basic Switchblade prevention concept. It's extremely crude and unbelivably simple but... http://www.freewebs.com/5kah/SB_Prevent.rar Visual Basic 6 Source and compiled .exe to demonstrate simple file locking in the root dir of any drive. This could be expanded to subdirectories too and could be customised to only function if the drive is removable and/or a serial number is white/blacklisted. It could also work on any form of executable file (.exe, .com, .scr, .pif, .bat, .cmd, .bat, etc). Use with caution, it's probably rather buggy, I've tested it a little but during testing I zero'd out a couple of exe files... this is now fixed and as far as I know it's ok but you know how these things go... :) How to use: Run the program, point to the drive containing the executable(s) to prevent running and click lock. Try running the exe file, Windows should stop you from doing so. Click Unlock and quit the program to unlock. Again, it ONLY works on files in the root dir atm so files in directories WILL NOT BE LOCKED.

What's wrong with liking both? :)

Binary downloads back up on the wiki @ http://www.hak5.org/wiki/AV_Killer, source coming soon!

Around 2.7GB on a 160 minute VHS tape apparently PoyBoy ;)

Here's a (very) basic Switchblade prevention concept. It's extremely crude and unbelivably simple but... http://www.freewebs.com/5kah/SB_Prevent.rar Visual Basic 6 Source and compiled .exe to demonstrate simple file locking in the root dir of any drive. This could be expanded to subdirectories too and could be customised to only function if the drive is removable and/or a serial number is white/blacklisted. It could also work on any form of executable file (.exe, .com, .scr, .pif, .bat, .cmd, .bat, etc). Use with caution, it's probably rather buggy, I've tested it a little but during testing I zero'd out a couple of exe files... this is now fixed and as far as I know it's ok but you know how these things go... :) How to use: Run the program, point to the drive containing the executable(s) to prevent running and click lock. Try running the exe file, Windows should stop you from doing so. Click Unlock and quit the program to unlock. Again, it ONLY works on files in the root dir atm so files in directories WILL NOT BE LOCKED.

Aardwolf: My phears are subsiding, thanks for mentioning it though... I agree with VaKo in that the main Switchblade thread was more focussed on making the thing much more potent but hey, it's gonna happen anyways, right? :) MaxDamage: Strangely enough I didn't find it in the SDK but with a quick spot of googleing ;) I did see something about the SCSI-Enquiry do-dads too but I got sidetracked while I was offline... Still, looks like we might well be getting somewhere and I dare say that we might even find a positive use for this technology too ;) Edit: One of my sources: http://www.schneier.com/blog/archives/2006...ng_compute.html

I think I've got an idea for a Switchblade blocker; it's not very efficient but it's quick, dirty and does the job... I'll be posting up binaries and source in this thread within an hour or two, I've got a few other things to do but I think I've figured it out... stay tuned!