Re: [Nolug] oops

From: Jimmy Hess <mysidia_at_gmail.com>
Date: Sun, 18 May 2014 00:15:46 -0500
Message-ID: <CAAAwwbXkEPm0c6PE1eJd0GhvwfgRy_r7cLGiC4UmcpKPjxmAAg@mail.gmail.com>

On Sat, May 17, 2014 at 2:15 PM, Ron Johnson <ron.l.johnson@cox.net> wrote:
> The implication is that if you can hack into the SCCM machine, then you can
> create one hell of a DoS attack!

Perhaps, but this is not an attack that the average hacker would be
likely to pull off. It is not a case of "just pushing a wrong
button".

Something like basic login scripts and simple group policy settings to
run malware is much easier for a bad guy to have command of; plus
every AD environment, and any domain-joined Windows machine, can
leverage the simpler tools with the right credentials.

SCCM is a complicated piece of software; you need to understand some
things about how it works. It is a process that takes
approximately 15 steps to effectively pull off something like this
using SCCM.

I also do not believe the claim that SCCM formatting itself and
machines it was not intended to could possibly be an honest mistake
by a competent operator following a well-thought-out procedure,
either.

Setting up the deployment operation is complicated, and there are
plenty of chances to notice the mistake before beginning execution.

A hacker is much more likely to leverage administrative credentials
and roll out the malware or destruct command using simpler,
easier-to-use tools which are readily available and could be run
from any Windows machine in the domain.

Or tamper with the scripts you are using in the environment,
including login scripts in SYSVOL, or installer packages or binaries
in order to piggyback on files that you are already deploying with
SCCM or with AD group policy.

--
-JH
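The message above singles out login scripts in SYSVOL and GPO-delivered packages as the cheap place for an attacker with credentials to piggyback on files the domain already deploys. The script below is an added example (not part of the thread, not a Nolug or Microsoft tool) of the two checks a practitioner would want for that: which principals beyond the expected administrative groups can write to script files under SYSVOL, and whether any of those files changed since a SHA-256 baseline was taken. It assumes it is run from a domain-joined Windows host as a user with read access to SYSVOL; the domain name, the trusted-writer list and the baseline file path are assumptions to adjust for a given environment.

```powershell
# Added example: audit SYSVOL script files for unexpected write access and
# for changes against a hash baseline. Assumptions: domain-joined host,
# read access to SYSVOL, default SYSVOL layout (NETLOGON under \scripts,
# GPO scripts under \Policies\{GUID}\Machine|User\Scripts).
param(
    [string]$Domain       = $env:USERDNSDOMAIN,                       # assumed: current domain
    [string]$BaselinePath = "$env:USERPROFILE\sysvol-baseline.json"   # assumed: baseline location
)

$SysvolRoot  = "\\$Domain\SYSVOL\$Domain"
$ScriptFiles = Get-ChildItem -Path $SysvolRoot -Recurse -File `
    -Include *.bat, *.cmd, *.ps1, *.vbs, *.js, *.exe, *.msi -ErrorAction SilentlyContinue

# Principals that legitimately hold write access on SYSVOL (assumed list;
# extend it if the environment delegates GPO editing to other groups).
$NetBios = $env:USERDOMAIN
$TrustedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER',
    "$NetBios\Domain Admins",
    "$NetBios\Enterprise Admins",
    "$NetBios\Group Policy Creator Owners"
)
# Any of these rights lets a principal change file content.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

# Check 1: write ACEs held by anyone outside the trusted list.
$AclFindings = foreach ($f in $ScriptFiles) {
    $acl = Get-Acl -Path $f.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            (($ace.FileSystemRights -band $WriteMask) -ne 0) -and
            ($TrustedWriters -notcontains $ace.IdentityReference.Value)) {
            [pscustomobject]@{
                File      = $f.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

# Check 2: content drift against a SHA-256 baseline. First run writes the
# baseline; later runs report new, modified and deleted script files.
$Current = @{}
foreach ($f in $ScriptFiles) {
    $Current[$f.FullName] = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
}

$HashFindings = @()
if (-not (Test-Path -Path $BaselinePath)) {
    $Current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($Current.Count) files)."
} else {
    $Baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $BaselinePaths = $Baseline.PSObject.Properties.Name
    foreach ($path in $Current.Keys) {
        if ($BaselinePaths -notcontains $path) {
            $HashFindings += [pscustomobject]@{ File = $path; Change = 'new' }
        } elseif ($Baseline.$path -ne $Current[$path]) {
            $HashFindings += [pscustomobject]@{ File = $path; Change = 'modified' }
        }
    }
    foreach ($path in $BaselinePaths) {
        if (-not $Current.ContainsKey($path)) {
            $HashFindings += [pscustomobject]@{ File = $path; Change = 'deleted' }
        }
    }
}

Write-Host "`nScript files under SYSVOL: $($ScriptFiles.Count)"
Write-Host "Write access outside trusted principals: $(@($AclFindings).Count)"
$AclFindings | Format-Table -AutoSize
Write-Host "Changes since baseline: $($HashFindings.Count)"
$HashFindings | Format-Table -AutoSize
```

Run it once right after a clean review of the scripts to record the baseline, then on a schedule or before each SCCM or GPO rollout; a "modified" entry on a file nobody meant to touch, or a write ACE granted to Authenticated Users or a helpdesk group, is exactly the piggyback path the message describes. The hash check only sees content on the SYSVOL replica the host happens to read from, so on a multi-DC domain it is worth pointing $SysvolRoot at each DC's share in turn.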
___________________
Nolug mailing list
nolug@nolug.org
Received on 05/18/14

This archive was generated by hypermail 2.2.0 : 05/18/14 EDT