DyKnow Stopper

What's the best way to setup a home network? Why should I care about BGP?

DyKnow Stopper

Post by ethanarb on Mon May 07, 2012 9:25 pm
([msg=66190]see DyKnow Stopper[/msg])

My school uses Dyknow to monitor our laptop screens, but of course I dont want to be watched! I have written a small program in C# that detects the process's and ends them. I was wondering of anyone else has developed something similar, but will allow you to send any image you want. Thanks!
ethanarb
New User
New User
 
Posts: 5
Joined: Mon May 07, 2012 9:21 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by centip3de on Mon May 07, 2012 10:17 pm
([msg=66193]see Re: DyKnow Stopper[/msg])

ethanarb wrote:My school uses Dyknow to monitor our laptop screens, but of course I dont want to be watched! I have written a small program in C# that detects the process's and ends them. I was wondering of anyone else has developed something similar, but will allow you to send any image you want. Thanks!


Possibly? This would require attaching to the process (kinda complex, not really), and telling it to look somewhere else (pretty damn complex). It would require extensive reverse engineering, or the source of the program. Either way, it's possible, but I doubt anyone on this forum has done that hack for that specific program.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1430
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by WallShadow on Tue May 08, 2012 3:33 pm
([msg=66212]see Re: DyKnow Stopper[/msg])

My school also uses dyknow, so this could be very useful to me. Would you please post the source code for us?
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by ethanarb on Wed May 09, 2012 7:28 pm
([msg=66248]see Re: DyKnow Stopper[/msg])

WallShadow wrote:My school also uses dyknow, so this could be very useful to me. Would you please post the source code for us?


All it does is scan for the ucpa and Monitor processes. And when they are detected, alerts you and lets you end them.
http://ethanarbuckle.com/basic.zip
ethanarb
New User
New User
 
Posts: 5
Joined: Mon May 07, 2012 9:21 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by WallShadow on Thu May 10, 2012 4:14 pm
([msg=66260]see Re: DyKnow Stopper[/msg])

Thanks a lot ethanarb! This will really come in handy!
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by ethanarb on Thu May 10, 2012 7:33 pm
([msg=66263]see Re: DyKnow Stopper[/msg])

No problem! We also have Web filtering software (FortiClient) that im going to include with that. Also adding a interface! Hopefully :?
ethanarb
New User
New User
 
Posts: 5
Joined: Mon May 07, 2012 9:21 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by WallShadow on Thu May 10, 2012 8:03 pm
([msg=66265]see Re: DyKnow Stopper[/msg])

Personally, the way I used to combat DyKnow in my school was a security exploit I found. The actual process that starts DyKnow on my school laptop is started by a small server side batch script which is executed at start-up. It had a simple {IF "%windir%"==""} using which i injected an EXIT command. But then the injection started screwing other stuff up so had to stop that. Though I must say, the injection made my laptop start-up about 2x faster, and cut down the list of active process three-fold (I actually compared it with a not compromised system).

So thanks, I look forward to using this. :D

WallShadow
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by ethanarb on Thu May 10, 2012 8:34 pm
([msg=66266]see Re: DyKnow Stopper[/msg])

Ahh. But DyKnow isnt started when the laptop boots up, but when the teacher triggers it... Or at least from what I can tell. Their are no other proccesses running that relate to dyknow when it isnt monitoring us.
ethanarb
New User
New User
 
Posts: 5
Joined: Mon May 07, 2012 9:21 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by WallShadow on Fri May 11, 2012 3:38 pm
([msg=66276]see Re: DyKnow Stopper[/msg])

I looked back at it and noticed that the DyKnow on my school laptop is very different. It is incorporated into another system called ScriptLogic which is responsible for starting it and running it. It has about 5 or 6 processes running as services under several svchost.exe, and I also don't have administrator privileges, so I can't even view a full description on the process, much less terminate it. Back to the drawing board for me. :(
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: DyKnow Stopper

Post by ethanarb on Fri May 11, 2012 6:32 pm
([msg=66279]see Re: DyKnow Stopper[/msg])

Is it not possible to simply replace the process's in the program I made with the ones that run on your netbook? It could easily be switched.
ethanarb
New User
New User
 
Posts: 5
Joined: Mon May 07, 2012 9:21 pm
Blog: View Blog (0)


Next

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests