Nerdpedes,
have a look at
https://security.stackexchange.com/questions/64915/what-are-the-biggest-security-concerns-on-pxe
Best of:
I can capture a full machine image. Do your systems automatically connect to the domain controller after setting up the machine? If so, this image probably has domain controller credentials on it, that I can capture and use elsewhere.
Computer makes a DHCP request --> DHCP server responds with address and PXE parameters --> Computer downloads boot image using TFTP over UDP
If the good guys got the traffic at that low level, unencrypted, then they would have it all.
Yes, to expand on what you've said.
IDRAC allows both remote control and BIOS configuration changes. With the BIOS changes they could be configured to boot from network first, essentially having them boot "Dirty" via PXE Boot during the elections. The dirty OS runs its own version of the vote counting software that the auditors never see, and writes the results to the Database on Disk. Once the elections are over, they boot clean from disk. When an auditor powers them back on, the PXE server isn't on the network, so they boot from disk, load the clean OS and all the clean programs, and appear good.
In spirit this has a lot of parallels to how Volkswagen cheated, albeit more technical and with a few more steps, but at the end of the day these ran DIRTY during the election and would appear CLEAN to an auditor or anyone who powered them up.
The thing about all this is that the router logs would have a good chance of catching this via logs on DHCP forwarding, which is why the Maricopa County Board of Supervisors is fighting tooth and nail not to turn over the logs.
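The two posts above make one defensive point worth showing in code: a PXE boot leaves a trace in DHCP traffic (the client's DHCPDISCOVER carries a vendor class starting with "PXEClient", option 60, and the DHCPOFFER hands back a boot server and boot file, options 66/67 or the siaddr/file header fields), so DHCP relay or router logs can reveal which hosts network-booted and from where. The script below is an added example, not code from the thread or from the Stack Exchange answers it quotes. It parses a small set of constructed relay log lines (the "dhcp-relay:" key=value format is an assumption; real servers and relays log differently, so the regexes would need adapting) and flags every offer that handed out a boot image, marking whether the boot server is on an assumed list of authorized ones. An empty authorized list models the "no PXE server should be on this network" case, where any network boot at all is a finding.

```python
import re

# Constructed sample log lines (not from any real device or from the thread).
# The format "<timestamp> <host> dhcp-relay: <MSGTYPE> key=value ..." is an
# assumption made for this example.
SAMPLE_LOG = """\
Mar 03 06:12:01 relay1 dhcp-relay: DISCOVER mac=00:11:22:33:44:55 vendor-class="PXEClient:Arch:00000:UNDI:002001" via=vlan10
Mar 03 06:12:01 relay1 dhcp-relay: OFFER mac=00:11:22:33:44:55 ip=10.10.1.50 next-server=10.10.9.9 filename="pxelinux.0" via=vlan10
Mar 03 06:12:02 relay1 dhcp-relay: DISCOVER mac=00:11:22:33:44:66 via=vlan10
Mar 03 06:12:02 relay1 dhcp-relay: OFFER mac=00:11:22:33:44:66 ip=10.10.1.51 via=vlan10
Mar 03 06:13:40 relay1 dhcp-relay: DISCOVER mac=00:11:22:33:44:77 vendor-class="PXEClient:Arch:00007:UNDI:003016" via=vlan10
Mar 03 06:13:40 relay1 dhcp-relay: OFFER mac=00:11:22:33:44:77 ip=10.10.1.52 next-server=10.10.1.200 filename="bootx64.efi" via=vlan10
"""

# Boot servers the site expects to exist (assumed value). An empty set means
# "no network boot is ever expected here", so every boot offer is a finding.
AUTHORIZED_BOOT_SERVERS = {"10.10.9.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) dhcp-relay: "
    r"(?P<msg>[A-Z]+)(?P<rest>.*)$"
)
# key=value pairs; values may be double-quoted when they contain colons/spaces
KV_RE = re.compile(r'(\S+?)=("[^"]*"|\S+)')


def parse_line(line: str):
    """Parse one relay log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m.group("ts"), "host": m.group("host"), "msg": m.group("msg")}
    for key, value in KV_RE.findall(m.group("rest")):
        event[key] = value.strip('"')
    return event


def find_network_boots(log_text: str, authorized=AUTHORIZED_BOOT_SERVERS):
    """Return one finding per OFFER that handed out a boot server or boot file.

    A DISCOVER whose vendor-class (option 60) starts with "PXEClient" means the
    client firmware asked to network boot; next-server/filename on the OFFER
    (options 66/67, or the siaddr/file header fields) mean it was given a boot
    image to fetch over TFTP.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    pxe_clients = {
        e["mac"] for e in events
        if e["msg"] == "DISCOVER" and e.get("vendor-class", "").startswith("PXEClient")
    }
    findings = []
    for e in events:
        if e["msg"] != "OFFER":
            continue
        boot_server = e.get("next-server")
        boot_file = e.get("filename")
        if boot_server is None and boot_file is None:
            continue  # ordinary lease, no network boot involved
        findings.append({
            "ts": e["ts"],
            "mac": e["mac"],
            "ip": e.get("ip"),
            "boot_server": boot_server,
            "boot_file": boot_file,
            "pxe_client": e["mac"] in pxe_clients,
            "authorized": boot_server in authorized,
        })
    return findings


if __name__ == "__main__":
    for f in find_network_boots(SAMPLE_LOG):
        flag = "OK   " if f["authorized"] else "ALERT"
        print(f"{flag} {f['ts']} {f['mac']} -> {f['ip']} "
              f"booted {f['boot_file']} from {f['boot_server']}")
```

Run against the sample, the first offer (boot server 10.10.9.9) is reported as authorized and the third (boot server 10.10.1.200, not on the list) as an alert; the second host got an ordinary lease and is not reported. Correlating the "pxe_client" flag with the host's expected boot order (disk first) is what turns a log line into evidence that a machine's BIOS boot order was changed.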
Up up