dm_rockso presence detection limitations

Coalfire-Research / DeathMetal

Red team & penetration testing tools to exploit the capabilities of Intel AMT

Other

254 stars 34 forks source link

Open theopolis opened 5 years ago

theopolis commented 5 years ago

Presence and version scanner, can help you find AMT capable systems regardless of provisioning status. (works even if explicitly not-enabled)

Can you elaborate on this? Does this mean any AMT-capable machine will respond to the UDP/623 probe, regardless of the AMT configuration?

Are there AMT configurations that disable the response?

theopolis commented 5 years ago

IIRC this probe will only work if the machine is running LMS, please correct me though!