"Poison Pill"

(imported topic written by SystemAdmin)

The powers that be have asked me to research what it would take to deliver a poison pill that would render the targeted device un-bootable. I’m not worried about the drive being slaved as we have an encryption solution in place that will prevent that. We’re not using pre-boot authentication or two factor with our encryption software and some of our users have been known to post their user id / password on the device… Do any of you know of a command I can deliver through BigFix that will kill the OS? We have internet facing relays that have seen stolen devices check in, so the thought would be to target a device with a poison pill once it’s confirmed stolen or lost.

(imported comment written by NoahSalzman)

Woo hoo! It’s a “cd /; rm -rf *” thread!

Official thread image.

Fastest on Windows: delete kernel32.dll.

More thorough: delete

.

?

The most clever technique (I’m sure we’ll get lots of posts) would be to keep the system looking “normal” as the files disappeared underneath.

(imported comment written by cstoneba)

http://forum.bigfix.com/viewtopic.php?pid=27543

(imported comment written by rwtrotter91)

I’m just setting my “kill pill” up now. Have you confirmed any commands actually work to disable the machine?

(imported comment written by SystemAdmin)

Haven’t had any luck with this yet.

(imported comment written by rwtrotter91)

I plan on playing around with this today. If I have any luck I will let you know.

(imported comment written by cstoneba)

This was untested, but may be worth trying:

http://forum.bigfix.com/viewtopic.php?id=3465

(imported comment written by SystemAdmin)

You might find this of interest in trying to recover a stolen computer: http://forum.bigfix.com/viewtopic.php?pid=36772

I think the above sufficiently adds computer recovery to BigFix/TEM. I’d like to be able to query the location of the device and other Prey reporting and have that go directly to a BigFix/TEM analysis. This should be possible, especially since it is open source.