Thought U3 was not disabled by the MS update: http://blogs.technet.com/srd/archive/2009/04/28/autorun-changes-in-windows-7.aspx
On Mon, Nov 23, 2009 at 3:18 PM, Butturini, Russell <[email protected]> wrote:
> To a degree. One thing that is great though is the fact that everything is
> stored inside an ISO image, meaning AV can't wipe out your toolsets, and it's
> harder for anyone to mess with the payload/tools you have included.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Robert Portvliet
> Sent: Monday, November 23, 2009 1:33 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] U3 enabled device
>
> Didn't Microsoft disable autorun with an update a while back to
> disable one of Conficker's attack vectors?
>
> This would pretty much kill the usefulness of the U3 switch-blades, right?
>
> On Mon, Nov 23, 2009 at 12:17 PM, Butturini, Russell
> <[email protected]> wrote:
>> So I think Gonz0r's site has been down for quite a while. You do need a
>> different version of the U3 universal customizer to work on Vista. Also,
>> one of the issues with the original payload is about 95% of the tools on it
>> are snared by AV. Of course the benefit of having them loaded on the U3
>> side is that antivirus can't erase the files.
>>
>> Check here for some update information. The U3 solution presented here is a
>> different concept than attack, but you should be able to take the
>> information and create your own solution (Once again I'm a shameless self
>> promoter):
>>
>> http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade
>>
>> I hope you share your work with all of us! Feel free to reach out to me if
>> you have more questions.
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Bert Van Kets
>> Sent: Monday, November 23, 2009 4:15 AM
>> To: PaulDotCom Security Weekly Mailing List
>> Subject: [Pauldotcom] U3 enabled device
>>
>> Hi guys,
>>
>> I got me a 2GB U3 enabled SanDisk Cruzer for 3€ on Friday. :-D
>> I've been looking into turning this into a switchblade/hacksaw but the
>> info I find - mostly on Hak5 of course - is more than three years old.
>> I have a copy of the Universal Customizer version 1.0.0.8 with the
>> included payload. I can not find any info on the real content of the
>> payload, nor on the way to actually use it (ex. where is the retrieved
>> data stored). Is there a better method, installer or payload?
>> Does anybody have an update on this?
>>
>> Thanks.
>>
>> Bert
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>> ******************************************************************************
>> This email contains confidential and proprietary information and is not to
>> be used or disclosed to anyone other than the named recipient of this email,
>> and is to be used only for the intended purpose of this communication.
>> ******************************************************************************
