Full Disclosure: Re: Abusing Windows 7 Recovery Process

Re: Abusing Windows 7 Recovery Process

From: sec <sec () whatsploit me>
Date: Mon, 08 Jul 2013 16:27:19 -0400

Once you've inserted your payload with admin-or-better rights, it can be
anything from a rootkit that GP can't touch to a patched GP subsys that
doesn't apply AD policies. This isn't really a caveat.


On 2013-07-08 12:39:18 (+0200), Fabien DUCHENE wrote:

There may be an Active Directory domain policy which only allows a
configured set of groups/users to be admin of your workstation.
Keep in mind domain policies are applied at startup and periodically.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Abusing Windows 7 Recovery Process some one (Jul 01)
- <Possible follow-ups>
- Re: Abusing Windows 7 Recovery Process Fabien DUCHENE (Jul 08)
  - Re: Abusing Windows 7 Recovery Process some one (Jul 08)
    - Re: Abusing Windows 7 Recovery Process Chris Arg (Jul 09)
  - Re: Abusing Windows 7 Recovery Process sec (Jul 08)
    - Re: Abusing Windows 7 Recovery Process some one (Jul 10)
    - Re: Abusing Windows 7 Recovery Process Gregory Boddin (Jul 10)
    - Re: Abusing Windows 7 Recovery Process some one (Jul 10)
    - Re: Abusing Windows 7 Recovery Process adam (Jul 10)
    - Re: Abusing Windows 7 Recovery Process some one (Jul 10)
    - Re: Abusing Windows 7 Recovery Process Alex (Jul 12)
    - Re: Abusing Windows 7 Recovery Process Chris Arg (Jul 12)
    - Re: Abusing Windows 7 Recovery Process Alex (Jul 13)
    - Re: Abusing Windows 7 Recovery Process Julius Kivimäki (Jul 13)
    - Re: Abusing Windows 7 Recovery Process Alex (Jul 13)

(Thread continues...)