I recall a 2600 article about bypassing whole disk encrption; Pwning Past Whole Disk Encryption - How to modify the init.img during Linux bootup to copy a shadow file or shell script for bypassing disk encryption, by by m0untainrebel
I beleive it was 2600 Magazine Volume 26, Number 4 (Winter 2009-2010) That maybe the place to start at least for data recovery or who knows you may have access to the agent from there. TR (eXe) On Wed, Oct 6, 2010 at 6:19 AM, Grymoire <[email protected]> wrote: > > >I'm trying to think of a way to intercept the login process, > >and delete the bad file/program, so we can fis the systems. > > > I've been thinking about possible approaches. > > * Set up a MITM system to intercept the network processes used to > authenticate a user during the login step. > * U3 Switchblade > * HID-based attack. Perhaps some USB driver is vulnerable. > > Windows also has some function keys that are active during the logon > screen. At Blackhat. I was talking to Richard Rushing who was > experimenting with HIDs, and he said he showed someone at Microsoft > that these keys caused a screen to pop-up, even though the user was > not logged in yet. They had to do with options for those with > physical limitations. > > The person from Microsoft commented that this looked like a security > issue (Irongeek - Note this). > > Anyhow - I'm looking for hints on approaches, and more ideas.... > > - Grym > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Tyler Robinson Owner of Computer Impressions
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
