Your problem starts here... Everything else is the consequence of this... This is what you should be preventing.. How to prevent it?
Originally posted here by ghostmachine
say for a simple example, user downloaded netcat (from his home, maybe)
bring it to office on a USB/floppy/CDROM, insert it {....}
1) proxies/content scanners can prevent downloading executable content.
2) rip out floppy and cd-drives..
3) disable Mass Storage devices (memory sticks et al)
No need to create a batch....
and start creating a batch such as
echo "HEAD / HTTP/1.1\n\n" | nc.exe -vv <IP> (ok, I forgot the exact syntax, roughly it's like this for example)
Then he can double click the batch and it will execute.
What about Start -> Run... ?
What about Task Manager's File -> Run.. ?
What about WSH, vbs, js?
There's a plethora of different ways to execute it..
Heck, I could even embed it into an HTML page and have it execute client-side by using javascript..
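Item 3 in the list above (disabling mass storage devices), as an added example that is not part of the original post: a PowerShell check-and-set for the Windows USB mass storage driver. It assumes the standard `USBSTOR` service key and its `Start` value (3 = load on demand, 4 = disabled); the function names are made up for this example.

```powershell
# Added example, not code from the thread. Run from an elevated prompt.
# Assumption: the standard USB mass storage driver service key.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    # Reports whether the USB mass storage driver is allowed to load.
    if (-not (Test-Path $UsbStorKey)) {
        # No service key: the driver has never been installed on this machine.
        # Setting Start alone does not cover that case, so report it separately.
        return 'DriverNotInstalled'
    }
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue).Start
    if ($start -eq 4) { 'Disabled' } else { "Enabled (Start=$start)" }
}

function Disable-UsbStorage {
    # Sets Start = 4 so the driver does not load when a memory stick is inserted.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if (-not (Test-Path $UsbStorKey)) {
        Write-Warning "USBSTOR key not found; nothing changed."
        return
    }
    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set Start = 4 (disabled)')) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
    }
}

# Audit first, then preview the change without applying it.
"Current state: $(Get-UsbStorageState)"
Disable-UsbStorage -WhatIf
```

Drop `-WhatIf` to apply the change; it takes effect for devices inserted afterwards.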



