[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
From: sec <sec@xxxxxxxxxxxxx>
Date: Mon, 08 Jul 2013 16:27:19 -0400

Once you've inserted your payload with admin-or-better rights, it can be
anything from a rootkit that GP can't touch to a patched GP subsys that
doesn't apply AD policies. This isn't really a caveat.

On 2013-07-08 12:39:18 (+0200), Fabien DUCHENE wrote:
> There may be an Active Directory domain policy which only allows a
> configured set of groups/users to be admin of your workstation.
> Keep in mind domain policies are applied at startup and periodically.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Abusing Windows 7 Recovery Process
  - From: some one

References:
- Re: [Full-disclosure] Abusing Windows 7 Recovery Process
  - From: Fabien DUCHENE

Prev by Date: [Full-disclosure] HQ SQLi's found by hack_addicted.pt
Next by Date: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
Previous by thread: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
Next by thread: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
Index(es):
- Date
- Thread