Comments on: Updates: bpmtk and Hakin9; PDF and Metasploit http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/ (blog 'DidierStevens) Sat, 11 Feb 2012 16:16:49 +0000 hourly 1 http://wordpress.com/ By: PDF Info Stealer PoC « Didier Stevens http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-37792 Mon, 08 Mar 2010 00:01:19 +0000 http://blog.didierstevens.com/?p=994#comment-37792 [...] To protect confidential data, don’t let it be accessed by systems with Internet access. That’s not very practical, but it’s reliable. Or use strong encryption with strong passwords (not the default RC4 Excel encryption). The info stealer will have the extra difficulty to steal the password too. [...]

]]> By: Ryan J http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-34729 Wed, 29 Apr 2009 10:41:56 +0000 http://blog.didierstevens.com/?p=994#comment-34729 Thanks for the swift reply!
I’ll have to look into it, thanks for pointing me in the right direction
Ryan J

]]> By: Didier Stevens http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-34724 Wed, 29 Apr 2009 09:21:43 +0000 http://blog.didierstevens.com/?p=994#comment-34724 The Sysinternals tools, like Procmon. I noticed cmd.exe accessed registry key DisableCMD just before the warning was displayed the cmd.exe is disabled by the administrator.

]]> By: Ryan J http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-34723 Wed, 29 Apr 2009 09:17:25 +0000 http://blog.didierstevens.com/?p=994#comment-34723 I’m sorry but how did you observe the process?
Did you use the Toolkit? Or some other tool?
I had a look at your Reverse Engineering Mentoring and found a reference to DisableCMD in the cmd.exe but couldn’t understand what it meant.
Thanks for your Blog and Programs.
Ryan J

]]> By: Didier Stevens http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-34692 Fri, 24 Apr 2009 12:22:51 +0000 http://blog.didierstevens.com/?p=994#comment-34692 Well, for DisableCMD I did it with dynamic analysis, i.e. observing the process started with and without the setting and see what’s different.

]]> By: Ryan J http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-34690 Fri, 24 Apr 2009 09:33:18 +0000 http://blog.didierstevens.com/?p=994#comment-34690 Hey there,

I’ve bought the Hackin9 magazine and read your article.
To me its a little confusing but that’s because im new to this kind of thing.
It may sound a little n00bish but how do you find out that there is a reference to DisableCMD and the like?
I would appreciate any help you can give me as this toolkit really interests me.
Thanks
Ryan J
p.s I love your work!

]]> By: freagan http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-33843 Thu, 11 Dec 2008 20:59:15 +0000 http://blog.didierstevens.com/?p=994#comment-33843 Thank you for your reply, since I live in Italy I think that I have to wait for the pdf version ;-)

]]> By: Didier Stevens http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-33841 Thu, 11 Dec 2008 12:02:32 +0000 http://blog.didierstevens.com/?p=994#comment-33841 It’s in the last issue, published this week.

]]> By: freagan http://blog.didierstevens.com/2008/12/09/updates-bpmtk-and-hakin9-pdf-and-metasploit/#comment-33840 Thu, 11 Dec 2008 07:52:56 +0000 http://blog.didierstevens.com/?p=994#comment-33840 I’m curious to read that hakin9 article, is it already out? In wich issue can I find it?
thank you and keep up the good work ;-)

]]>