insecurityofthings / jackit

JackIt - Exploit Code for Mousejack

Cannot identify end-user device associations. #44

Open crashincorporated opened 6 years ago

crashincorporated commented 6 years ago

We are utilizing this process to identify afflicted devices in our environment of around 100 users. I have successfully used JackIt to identify a significant number of vulnerable devices, but cannot track the device back to a specific end user. I have been injecting a text doc that asks the user to call support, but as you may imagine, not all users respond. I have scoured the device manager of a known vulnerable device and turned up nothing that corresponds to the data captured by JackIt. Does the address captured in the data displayed correspond to an identifier in Windows somewhere? Any other suggestions or assistance anyone can offer would be greatly appreciated!

infamy commented 6 years ago

It is the address of the device; the Logitech utility does display it. It's not easy to find.

One thing you can do that works is have a small script that opens a browser to a webserver you can view the logs on in your corp network; then you would have the IPs for all the affected hosts.

On Thu, Jun 7, 2018 at 9:09 AM, crashincorporated notifications@github.com wrote:

We are utilizing this process to identify afflicted devices in our environment of around 100 users. I have successfully used JackIt to identify a significant number of vulnerable devices, but cannot track the device back to a specific end user. I have been injecting a text doc that asks the user to call support, but as you may imagine, not all users respond. I have scoured the device manager of a known vulnerable device and turned up nothing that corresponds to the data captured by JackIt. Does the address captured in the data displayed correspond to an identifier in Windows somewhere? Any other suggestions or assistance anyone can offer would be greatly appreciated!

crashincorporated commented 6 years ago

Thanks for a quick response and the suggestions! I considered the latter, but for auditing compliance we need to be able to demonstrate which device belongs to which user. Remediation isn't a problem, I can simply patch everyone as necessary, but I need to generate a report to produce to the auditors which demonstrates who the user was and identifies their specific device. Are you saying I can locate the address using the Logitech Unifying software on the end-user PC? Any suggestions for non-Logitech devices?

From: Alex Harvey Sent: Thursday, June 7, 12:49 PM Subject: Re: [insecurityofthings/jackit] Cannot identify end-user device associations. (#44) To: insecurityofthings/jackit Cc: crashincorporated, Author

It is the address of the device; the Logitech utility does display it. It's not easy to find.

One thing you can do that works is have a small script that opens a browser to a webserver you can view the logs on in your corp network; then you would have the IPs for all the affected hosts.

infamy commented 6 years ago

None I'm aware of. If you find something, let us know. Would be worth us adding to the Wiki.

On Thu, Jun 7, 2018 at 11:10 AM, crashincorporated notifications@github.com wrote:

Thanks for a quick response and the suggestions! I considered the latter, but for auditing compliance we need to be able to demonstrate which device belongs to which user. Remediation isn't a problem, I can simply patch everyone as necessary, but I need to generate a report to produce to the auditors which demonstrates who the user was and identifies their specific device. Are you saying I can locate the address using the Logitech Unifying software on the end-user PC? Any suggestions for non-Logitech devices?

crashincorporated commented 6 years ago

Just want to say thanks for pointing me at the Unifying software. If you run the report from the utility, it provides a log file which includes the data I was seeking! We only have one or two afflicted devices that are not Logitech products, but if I find anything to help identify non-Logitech devices I will definitely post it up here.