To a degree. One thing that is great though is the fact that everything is stored inside an ISO image, meaning AV can't wipe out your toolsets, and it's harder for anyone to mess with the payload/tools you have included.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Robert Portvliet Sent: Monday, November 23, 2009 1:33 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] U3 enabled device Didn't Microsoft disable autorun with an update a while back to disable one of Conficker's attack vectors? This would pretty much kill the usefulness of the U3 switch-blades, right? On Mon, Nov 23, 2009 at 12:17 PM, Butturini, Russell <[email protected]> wrote: > So I think Gonz0r's site has been down for quite a while. You do need a > different version of the U3 universal customizer to work on Vista. Also, one > of the issues with the original payload is about 95% of the tools on it are > snared by AV. Of course the benefit of having them loaded on the U3 side is > that antivirus can't erase the files. > > Check here for some update information. The U3 solution presented here is a > different concept than attack, but you should be able to take the information > and create your own solution)Once again I'm a shameless self promoter): > > http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade > > I hope you share your work with all of us! Feel free to reach out to me if > you have more questions. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Bert Van Kets > Sent: Monday, November 23, 2009 4:15 AM > To: PaulDotCom Security Weekly Mailing List > Subject: [Pauldotcom] U3 enabled device > > Hi guys, > > I got me a 2GB U3 enable Sandisk Cruizer for 3€ on Friday. :-D > I've been looking into turning this into a switchblade/hacksaw but the > info I find - mostly on Hak5 of course - is more than three years old. > I have a copy of the Universal Customizer version 1.0.0.8 with the > included payload. I can not find any info on the real content of the > payload, nor on the way to actually use it (ex. where is the retrieved > data stored). Is there a better method, installer or payload? > Does anybody have an update on this? > > Thanks. > > Bert > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > ****************************************************************************** > This email contains confidential and proprietary information and is not to be > used or disclosed to anyone other than the named recipient of this email, > and is to be used only for the intended purpose of this communication. > ****************************************************************************** > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com ****************************************************************************** This email contains confidential and proprietary information and is not to be used or disclosed to anyone other than the named recipient of this email, and is to be used only for the intended purpose of this communication. ****************************************************************************** _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
