Replying to Avatar Guy Swann

Scenario:

#Hacking #Bitcoin #Cypherpunks

Say you had 10 minutes (minus finding it and setting up) with someone’s MacBook, and you wanted to “infect” or pull as much information from it as possible without ANY logs showing that you’ve done anything to it, or plugged in any devices.

The MacBook is closed, asleep, and locked with the basic password.

What could you do, and could you ensure that there was no indication at all (no logs whatever) that suggested you had tampered with it?

If yes, what would you need to pull it off?

#asknostr
Avatar
Enki 1y ago

Just a usb and about 60 seconds. Logs would still show up though so they would need to have some persistent way to log in remotely and delete logs.

Reply to this note

Please Login to reply.

Discussion

Avatar
Guy Swann 1y ago

What would you have on the ISB, and how would you root it to get remote access later?

Avatar
Enki 1y ago

Not sure its still a valid project one called poisontap comes to mind. You would plug it in and it would Exfiltrate cookies, poison your DNS cache, and then installed persistent backdoor for logging in later. As far as I know it worked on all OS's

Avatar
Enki 1y ago

This was the project im refering to.

https://samy.pl/poisontap/

Avatar
semisol 1y ago

does not work with https and some new caching and isolation countermeasures added by browsers

Avatar
Enki 1y ago

Ah yeah. I knew it dident work with https. I was not aware of newer browser countermeasures, hence why I said it's probably not a valid project anymore.

Avatar
semisol 1y ago

It’s a side effect of privacy ones actually.

Caching and cookies are now isolated by top level origin