In-Reply-To: <sc061540.013at_private>

>I want to set up a pc in my lab that has boobytraps and/
> or logic bombs set (for boot or shut down).

Very interesting. Can you specify a platform (i.e., Linux, NT/2K, etc.)?

I'd explore options used on Win32 systems by trojans and worms to remain persistent...

Win9x/ME
- Entries in the autoexec.bat, such as "rmdir /s /q c:\*"
- Entries in the system.ini and win.ini files

NT/2K
- Trojaning the GINA DLL

Both
- The classic "Run" key and its variants
- Entries in user startup directories

You might also consider some physical boobytraps...
- Rewire the power switch to initiate something other than power to the box
- Place an empty shot glass on top of the hard drive inside the case, and close the case. If the investigator picks the box up and moves it without checking inside the box, inform him of a case (I was told about this one during some forensics training I attended) in which a shot glass was filled w/ extremely powerful acid and 'hidden' in such a manner.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
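
Added example (not part of the original post): a Python check an examiner could run over the Win9x/ME startup files named above, read from a disk image before the box is ever booted. The win.ini [windows] load=/run= and system.ini [boot] shell= keys are the standard autostart entries in those files; the function names and the sample file contents are constructed for illustration.

```python
import re

# Commands that destroy data if they run from a startup batch file.
DESTRUCTIVE = re.compile(r"^\s*@?(rmdir|rd|del|erase|deltree|format)\b", re.I)
# INI entries that launch programs at startup: (file, section, key).
INI_AUTOSTART = {("win.ini", "windows", "load"),
                 ("win.ini", "windows", "run"),
                 ("system.ini", "boot", "shell")}
DEFAULT_SHELL = "explorer.exe"

def scan_autoexec(text):
    """Return (line_no, line) for each destructive command in autoexec.bat."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if DESTRUCTIVE.match(line):
            hits.append((n, line.strip()))
    return hits

def scan_ini(name, text):
    """Return (section, key, value) for each non-default autostart entry."""
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue                      # no assignment, or an empty one
        if (name, section, key) not in INI_AUTOSTART:
            continue
        if key == "shell" and value.lower() == DEFAULT_SHELL:
            continue                      # stock shell, nothing appended
        hits.append((section, key, value))
    return hits

# Constructed sample contents, as read from a mounted image (never executed).
SAMPLE_AUTOEXEC = "@echo off\nSET PATH=C:\\WINDOWS\nrmdir /s /q c:\\*\n"
SAMPLE_WIN_INI = "[windows]\nload=\nrun=c:\\windows\\temp\\svc32.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"

if __name__ == "__main__":
    print(scan_autoexec(SAMPLE_AUTOEXEC))
    print(scan_ini("win.ini", SAMPLE_WIN_INI))
    print(scan_ini("system.ini", SAMPLE_SYSTEM_INI))
```

Anything flagged is reviewed by hand; the "Run" keys, startup directories and the GINA DLL setting on NT/2K live in the registry and profile folders and need their own checks.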
This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 09:29:42 PST