[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Abusing Windows 7 Recovery Process
- To: "Valdis.Kletnieks@xxxxxx" <Valdis.Kletnieks@xxxxxx>
- Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
- From: Moshe Israel <moshe.israel@xxxxxxxxxxx>
- Date: Sat, 13 Jul 2013 22:13:38 +0300
All secured/regulated systems as required by most certifications/standards/best
practices.
On Jul 13, 2013, at 8:52 PM, Valdis.Kletnieks@xxxxxx wrote:
> On Sat, 13 Jul 2013 13:23:18 +0200, Alex said:
>> This one is a classic, but it will fail integrity checks of
>> tripwire/ossec/whatever you use.
>
> What percent of systems actually do this?
>
> On Sat, 13 Jul 2013 14:19:19 +0200, Alex said:
>> And trigger automated incident/alarm
> Trigger the automated alarm from the tripwire program you just axed?
>
> Much more likely is some monitoring system like Big Brother or Zabbix
> alerting that the system has been rebooted. And again, the vast majority
> of systems don't have this sort of monitoring.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/