I have actually used this variant of the U3 payload to check systems 
suspected of being infected.  I also modified it to take live running 
memory images using Memory DD ( http://www.mantech.com/msma/MDD.asp ) by 
adding the file and editing the VBScript.

Butturini, Russell wrote:
> So I think Gonz0r's site has been down for quite a while.  You do need a 
> different version of the U3 universal customizer to work on Vista.  Also, one 
> of the issues with the original payload is about 95% of the tools on it are 
> snared by AV.  Of course the benefit of having them loaded on the U3 side is 
> that antivirus can't erase the files.  
>
> Check here for some update information.  The U3 solution presented here is a 
> different concept than attack, but you should be able to take the information 
> and create your own solution (once again I'm a shameless self promoter):
>
> http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade
>
> I hope you share your work with all of us! Feel free to reach out to me if 
> you have more questions.
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Bert Van Kets
> Sent: Monday, November 23, 2009 4:15 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] U3 enabled device
>
> Hi guys,
>
> I got me a 2GB U3 enabled SanDisk Cruzer for 3€ on Friday. :-D
> I've been looking into turning this into a switchblade/hacksaw but the
> info I find - mostly on Hak5 of course - is more than three years old.
> I have a copy of the Universal Customizer version 1.0.0.8 with the
> included payload. I can not find any info on the real content of the
> payload, nor on the way to actually use it (ex. where is the retrieved
> data stored). Is there a better method, installer or payload?
> Does anybody have an update on this?
>
> Thanks.
>
> Bert
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com