conference woes 13 November, 2005 at 9:12 pm
going to a SANS (http://www.sans.org/) conference this week. Hacking, intrusions, and general attacking of systems. Or the detection thereof.
basically “here’s how they’re gonna try to get in. learn it, love it, live it. now stop it”
so, we need a win and a RH boot. i figure i’ll gather some boxes and take in multiple laptops, and throw in a slack install (b/c the last day is an attack period where it’s basically capture the flag/etc, to see how much we’ve learned about the attack vectors and the defense). I figure I don’t run win or RH, so the slack box lets me see how I REALLY stand up in security.
Except i could only find the power supply for one of my laptops. so i check the spare hardware room at the office. no working laptops. so last weekend we went out and bought me one at a computer show (emachine, 2.8G amd chip, 512 ram, 60g drive. not a bad machine, 600$). it works fine at the show and the couple times i messed with it this weekend. so this morning i go to install windows updates. long ass online time as it makes me download the validation tool, then validates me, then has me download 30 minutes (i’m on a good conn!) of updates (and 30 minutes to install them i swear). THEN it says “Oh. You should REALLY get SP2!!! You’re not secure until you do!” duh. get it.
another half hour/45 minutes, it’s downloaded the 80M patch, verified that it downloaded it (i swear it doesn’t do that by a simple MD5 check, it re-downloads it or something). it installs it. it scans my harddrive for everything. it backs up everything it finds. it really installs it. it makes me reboot. and now it don’t talk to the harddrive.
WTF!
first thought: SP2 went fuck. but after some testing, i can’t get even a boot cd to talk to the drive (as in, i can’t even repartition/reformat the fucker). looks like a hit. during the TWO HOUR process of downloading fucking updates it looks like the system got hit. with something good. that locked the bootsector.
mother fucker!