Got it to work from USB, details to come. :)

On Tue, Jul 7, 2009 at 4:25 PM, Tim Mugherini <[email protected]> wrote:
> Does Checkpoint with that option overwrite the NT boot loader the way
> PGP and TrueCrypt do?
>
> On 7/7/09, Dr Adapter <[email protected]> wrote:
> > Hello
> >
> > It appears that this works against Checkpoint FDE with WIL (Windows
> > integrated logon) enabled. I was hoping that the pre-boot process of
> > Checkpoint FDE would have wiped out whatever Kon-Boot was doing in memory
> > but it appears that it doesn't and allows the kernel patch to go ahead.
> > Using the pre-boot authentication mode does prevent it if you don't have
> > an account to access the decryption keys.
> >
> > I agree with Mick that this makes an amazing demo...especially when
> > people make the trade-off between usability and security.
> >
> > D
> >
> >>
> >> ---------- Forwarded message ----------
> >> From: Michael Douglas <[email protected]>
> >> To: PaulDotCom Security Weekly Mailing List <[email protected]>
> >> Date: Tue, 07 Jul 2009 09:17:21 -0400
> >> Subject: Re: [Pauldotcom] Kon-Boot on a USB
> >>
> >> KON can't do it all, and hard disk crypto seems to be the one thing
> >> that stops this fun little tool cold. I think from a white hat
> >> perspective, it makes for an amazing demo of why FDE is needed.
> >>
> >> > I'll be at DEFCON tho! :D
> >> > not that anyone cares ;)
> >>
> >> BS! We care! :-) Be sure to look us up!
> >> - Mick
> >>
> >> On Mon, Jul 6, 2009 at 11:44 PM, John Navarro <[email protected]> wrote:
> >> > That was one of the reasons I wanted to test Kon-Boot, however I
> >> > couldn't take it too far since I was testing it on a work laptop to
> >> > see if I could defeat the partial disk encryption (with permission
> >> > of course!). Of course I could dump everything from Linux anyways,
> >> > but still couldn't gain access to the one encrypted drive :(
> >> >
> >> > I'll be at DEFCON tho! :D
> >> > not that anyone cares ;)
> >> >
> >> > On Mon, Jul 6, 2009 at 7:13 PM, Robin Wood <[email protected]> wrote:
> >> >>
> >> >> 2009/7/7 Adrian Crenshaw <[email protected]>:
> >> >> > Ok, tested a few things on my Vista 32 box:
> >> >> >
> >> >> > 1. Can't access network resources (prompted for password), but
> >> >> >    that's expected.
> >> >> > 2. I can dump the real password hashes.
> >> >> > 3. EFS is not bypassed.
> >> >> > 4. Could change my password, but had to use MMC because the
> >> >> >    default user accounts interface was confused.
> >> >> > 5. Rebooted into normal mode, logged in with new password but
> >> >> >    still could not get to the EFS files.
> >> >> > 6. Changed password back, logged in/out and then could get to my
> >> >> >    EFS file.
> >> >>
> >> >> That would be because the EFS couldn't be decrypted when you first
> >> >> logged in so changing the password on it wasn't possible.
> >> >>
> >> >> Robin
> >> >> _______________________________________________
> >> >> Pauldotcom mailing list
> >> >> [email protected]
> >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> >> Main Web Site: http://pauldotcom.com
>
> --
> Sent from my mobile device
