Message-ID: <20040526221010.68169.qmail@web60807.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: Imaging Operating Systems

--- Shawn Cox <shawn.cox@...a.com> wrote:
> Norton/Symantec Ghost
> PowerQuest Drive Image (I think Norton gobbled this one up)
> 
> Or for the truly crafty VMware.


Yeah. And do remember that though VMware is the
platform of choice for many testlabs, malware can
change its behaviour when it detects that it is being
run in a VMware virtual machine. 

For example, see this short but interesting article
about how to detect a Virtual OS from a VXer's point of
view - http://29a.host.sk/29a-7/Articles/29A-7.011

I personally have not come across any malware which
changes its behaviour when it detects VMware, but,
since it's relatively trivial, it may become standard
practice in the near future.

--
S.G.Masood

--
"Fools ignore complexity; pragmatists suffer it;
experts avoid it; geniuses remove it."






> 
> --S
> 
> ----- Original Message ----- 
> From: "Michael Schaefer" <mbs@...trealm.com>
> To: "Full-Disclosure"
> <full-disclosure@...ts.netsys.com>
> Sent: Wednesday, May 26, 2004 1:55 PM
> Subject: [Full-Disclosure] Imaging Operating Systems
> 
> 
> > Hi all
> > 
> > We are building a Windows test system, to try out toolbars, spyware, 
> > malware and trojans on.
> > 
> > Once we learn what we need to know, we obviously want to get rid of the 
> > junk quickly and cleanly.
> > 
> > I keep hearing suggestions about having a "clean image" to transfer onto 
> > the computer.
> > 
> > Can anyone send some details?
> > 
> > Is there an official Microsoft way to do this?
> > 
> > Is some sort of over the network OS installation script in order here?
> > 
> > Are there other vendors that do a better job?
> > 
> > Thanks
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > 
> 