
[Article]-Using Cold Boot Attacks and Other Forensic Techniq


don


Administrator

Posts: 4229

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Dec 14, 2013 2:54 pm

[Article]-Using Cold Boot Attacks and Other Forensic Techniq

This is a blog post. To read the original post, please click here »

It’s a Thursday evening, and happy hour begins in a few minutes. You’re ready to get out of the office, as quickly as possible. You’ve been working on a report, and you know you still have work to do in the morning. So you lock your machine. It’s safe enough, right? You’ve got a strong password and full disk encryption. Ophcrack or a bootable Linux distro like Kali won’t work. You’d think you’d be fine, but you’d be wrong. More and more, attackers are using blended attacks to get the good stuff, and that includes utilizing the latest in forensic techniques.

There is a single section of your computer full of unencrypted sensitive information any attacker would love to get their hands on: your active memory. The system stores all manner of valuable information in memory for easy reference. Full disk encryption mechanisms must store encryption keys within memory somewhere. The same is true for Wi-Fi encryption keys. Windows keeps the registry hives in memory, and consequently the System and SAM hives. Most clipboards are stored within memory. Many applications keep passwords within memory. The point is, memory houses much of the valuable information that the system needs at a moment’s notice. Getting to it requires using some of the same forensics techniques employed by attackers. This article helps add some of those techniques to your pentesting toolkit.
CISSP, MCSE, CSTA, Security+ SME

UKSecurityGuy


Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Sat Dec 14, 2013 6:18 pm

[Article]-Using Cold Boot Attacks and Other Forensic Techniq

Very interesting; at some point I actually need to grab an old laptop out to try this myself.

The article mentions pen testers not realizing the benefits of memory dumps, but this is only really applicable to physical memory dumps. Virtual memory dumps from VMs are being used heavily by testers to access passwords, and this is especially the case as more and more organizations virtualise old 32-bit operating systems that run their critical ancient apps.

Wushu


Newbie

Posts: 1

Joined: Tue Dec 17, 2013 4:43 pm

Post Tue Dec 17, 2013 4:49 pm

[Article]-Using Cold Boot Attacks and Other Forensic Techniq

Thanks for the comment. It's a pretty decent amount of fun when you try it for the first time. There's just something about seeing the machine coated in frost that's ridiculous and awesome at the same time.

You are correct, virtual memory dumps are quite common. This attack is mostly to gain that first initial access into a workstation.
