Full Disclosure mailing list archives

Re: Abusing Windows 7 Recovery Process


From: Moshe Israel <moshe.israel () grsee co il>
Date: Sat, 13 Jul 2013 22:13:38 +0300

All secured/regulated systems as required by most certifications/standards/best practices.


On Jul 13, 2013, at 8:52 PM, Valdis.Kletnieks () vt edu wrote:

On Sat, 13 Jul 2013 13:23:18 +0200, Alex said:
This one is a classic, but it will fail integrity checks of 
tripwire/ossec/whatever you use.

What percent of systems actually do this?

On Sat, 13 Jul 2013 14:19:19 +0200, Alex said:
And trigger automated incident/alarm

Trigger the automated alarm from the tripwire program you just axed?

Much more likely is some monitoring system like Big Brother or Zabbix
alerting that the system has been rebooted.  And again, the vast majority
of systems don't have this sort of monitoring.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
