Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: Copying secret windows file

from [cwright] Network Security [Permanent Link]
Subject: Re: Re: Copying secret windows file
Date: 27 Dec 2007 19:06:01 -0000 
Hi,
Sorry to destroy your sense of insecurity, but this is not the case.

There are a number of methods that may be used to dump SAM in memory. Any user 
with Debug privilages has effectively full access to memory and many system are 
set this way). On top of this, there are means to obtain access without 
authorisation.

Take Meterpreter for instance. This toolset comes with "Sam Juicer". Sam Juicer 
"slides" over a memory channel as a direct memory injection that leaves no disk 
or registry evidence (hence my push on memory forensics).

Any memory/LSASS, services channel, direct disk or registry hole can be used to 
get the SAM. The SAM Juicer uses the first. There are other tools for all the 
other levels.

Regards,
Dr Craig Wright (GSE-Compliance)

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  MailMarshal, ahgaber_rehan
Next by Date:  Tool for sending malicious traffic to destination system, Ravi
Previous by Thread:  Re: Copying secret windows file, jwbensley
Next by Thread:  Rép : VOIP Pen TEST, Adrien
Indexes:  [Date] [Thread] [Top] [All Lists]