Now that I have your attention. I need you help, faggots of

Frankly if they're wise enough to disable the USB ports they're wise enough to have monitoring software installed.

You could take a picture of the screen.

Email yourself the files?

>>725282838
>With the confidential nature of my work
Thing is if you ever got them, you can't use them. Ask your boss if you can use some for your portfolio, otherwise if they find out you took it, and you signed a disclosure agreement, you can be fucked

>>725283045
That's what I was thinking but because I work for such a huge company I wouldn't be surprised if they were a little behind the times

Also be advised any work you did on their computer on their time is definitely their intellectual property. Works the same for any research you did on a company's or university's computers/equipment etc.

>>725282838
enable the usb ports moron

>>725283184
/thread

>>725282838

are you a retard?

>what is email?

>>725283324
are you a retard?
>what is email monitoring software?

>>725283184

Pretty much this

>>725283184
That's the thing is that they never actually approve things for you to put in you portfolio because they don't want you to leave and go to a competitor. Its kind of common practice for designers to violate company policy like this because in a way you are looking out for number one.

>>725283430

so you thik they have emial software that can identify the contents of a file and match it to one thats not allowed to leave their network?

its fairly obvious why you are a designer. you actually are retarded.

also...

>what are encrypted and passworded zip files?

>>725283504
>>725283184
For example: I have friends who are designers at Faraday Future. At the end of every day they get files off their work computer because the company could collapse at any second. In the meantime they can apply at other OEMs and have a backup plan for when the company inevitably crashes and burns.

>>725283504
You should have addressed this before you signed your contract

>>725283430

some us army faggot got thousands of the most sensitive files ever stolen out of the army on a CD labeled "celine dion" and you cant even get some sketches out of some third rate company?

how does it feel to know some transgender cocksucker is smarter than you?

>>725283560
1. I am not OP.
2. I do work in a confidential environment (automotive)
3. Any company sharp enough to switch off USB ports can be assumed to be smart enough to realise that emails can have attachments. You don't have to match files, you just have to look which accounts are sending attachments and where to. Cross-match destination email domains to legitimate client domains and anything that is not on the approved database could be industrial espionage or theft.

You're new at this computer and email thingy, aren't you?

also...
>what are encrypted and passworded zip files?
Se above

>>725283784
Thats standard in the auto industry and with the limited places you can actually work as a designer you would be an idiot for turning a job down because of that.

>>725282838

>disconnect Ethernet cable, block wireless board
>zip what you want, put a password
>reconnect
>mail it using your personal mail to a temp mail

now all you have to do is justify why you were disconnected briefly and why the stuff you want is in your disk and not the server

>>725283946
Eyy decent idea

>>725283946
yeah we used to disconnect like that when the usb ports were enabled. Might could work.

File: 1313790949795.jpg (269KB, 853x1280px) Image search: [Google]

269KB, 853x1280px

mostly what I've expected from /b/ thus far but there are some inklings of ideas here

>>725283919

and you seem to have bought into the bullshit your employer tells you.

>confidential
>automotive

amateur.

come back when you have government clearance.

and trust me. a single encrypted zip file on a single email will make it out of the network. anyone responsible for running the monitoring software will not bother to check single files.

youve seen far too much mr. robot to actually realise that IT security in the real world is shit, the monkey paid to monitor it couldnt care less and theres that much noise on a company email server shit gets missed all the time.

>>725284018
>>725283946
email monitoring, especially personal accounts. For example, the company I do consultancy work has blocked access to popular email clients like Gmail, even on guest accounts.

>>725284286

so you send it from your work email account and pick it up at home.

noone is talking about using a third party client.

>>725284239
OP here:

I've thought it was actually like this for a while. better to be safe I guess

>>725282838
eh, have you tried:
bluetooth
ip (LAN/WLAN whatever, get your own router & encryption so that tracking is less likely)
take picture of screen with other device(it's stupid but cannot be tracked without filming you)

>>725284239
Oh, that's interesting.

I wonder why a few months ago I was told that one of the suppliers working with us had used their email to mail an attachment (just the one) out of the business? Caused quite a stir; they knew when, what address it went to and the IP and location of the computer that sent it. Didn't know what was in it when it went out of the firewall, though, but as soon as it was flagged the file was opened and examined by IT.

Perhaps I imagined it, because you clearly know what you are talking about, what with government clearance, and all.

>>725282838
your pretty much retarded

if it is your job, IT will help you solve your problem. dont try to "fix" anything and just visit the IT dude thats in charge of your stuff.

tell him that you need access to your design stuff and he might even setup a remote accessable storage (possibly even with vpn) where you can store your files that you need to "share" between work place and home.

there are plenty of solutions that you dont need to do anything for.

dont fuck things for yourself up and just go to the IT department/dude/admin

>>725284636

>told

yeah sure, anecdotes are evidence.

>>725282838
So, what's your profession exactly? Using confidential shit for your portfolio may get you fucked even if the management doesn't find out directly. Anyone who sees that material may suspect something, and tip the original company off. Also, if you work with computers, why don't you just know, or at least try searching for, how to reenable the USB ports?
Unless you're working in security (which it doesn't sound like) or military/high tech, high profit it's probably just a matter of user accessible settings. It's still a fucking stupid idea, you're going to get caught, and your material is probably kept secret for a reason.

>>725284636
deep package inspection is nothing new and if your company has a half good firewall it should run on all traffic you got

OP here:
Just for future reference; we used to put all of our images into one photoshop file with every image as a separate layer and put something like a dentist form as the top layer and then save it out as a photoshop PDF. This made it so that when you opened the PDF with adobe acrobat, then you would only see that top layer. Once you opened it in photoshop later, then you could get all of the images in the >200mb PDF file.

>>725284861
Not anecdotal. I was told by IT that the supplier had done it - I was the nominated contact for that particular supplier. I had to speak to the manager of the supplier to tell him that one of their staff had breached the T&Cs they had signed up to.

But carry on not believing if you want - no skin off my nose and it clearly makes you happy

>>725285049
thats monkey level security
if you want something secure you encrypt

>>725284887
I'm a car designer at a major american manufacturer. Reenabling copying files from the hard drive to a flash drive via usb requires an admin password.

>>725285037
Precicely. I've no idea what technology the IT guys use (I'm mech eng)

You tell this fuckwit, will you? He doesn't want to believe me
>>725284861
>>725284239

>>725284213
really like this gal.

>>725285233
OP here:
It is totally monkey level security haha but it made us feel better. Will encrypt next time. Thanks for making me realize that was dumb.

>>725285460
if you have something worth to hide one should always expect that someone knows what they are looking for. security through obfuscation is a meme. if your security doesnt rely proveable factors that work even if everybody knows the mechanics its useless.

>>725285289
So what you're trying to leak is production designs when it comes to cars? You don't see the danger of this, more than financial burden on the company?
I get what you want to do, but if you want to use that shit for your portfolio you'll have to do some designs that aren't contractually owned by the company. You will get fucked in the ass.

As to how to get this going, assuming you're willing to risk your job, your future career and everything to 'put together a portfolio' (no, I don't believe this is your motive, but I'm not here to tell you the moral reasons not to, you might want to leak something that actually deserves leaking) you'll have to get access to the admin account, which probably is a lot easier than you think, considering you're already established at the company in question.
Social engineering will get you a long way, but you may have to spend some time figuring out some minor hacks to get enough material for you to work with.
>newly employed at an IT security company

File: 1405550555225.gif (379KB, 499x253px) Image search: [Google]

379KB, 499x253px

Call me stupid or whatever..

But why don't you just print that shit on the office epson, roll it up and take it home. If you're going for a real life job you can take it with you. Or you can use a scanner to get it back to digital format.

That said, if you're going for a job and one of the things you outline in your portfolio is that you don't respect confidential material, maybe it's best you don't go there.

>>725283946

This

And change the file extension to .mov or .wmv (don't pack it in a binder it could flag as threat in the firewall), send it from the personal email at lunch break under some innocuous email like "fred's new hunting cabin" something boring like that.

>>725284239
>youve seen far too much mr. robot to actually realise that IT security in the real world is shit, the monkey paid to monitor it couldnt care less and theres that much noise on a company email server shit gets missed all the time.

Can confirm, but you have to imagine the possibilities of outsourced security.
>currently working for a company only dealing in security
>making sure your refrigerators aren't getting malicious software updates, turning them into zombies
>part of our daily routine is facepalming at our customers previous security solutions

>>725282838
how do you have the rendering software at home if the company won't let you take home the work?

>>725286222
The production stuff is whatever because the actual car will be out. Most of the stuff that I'm interested in are things like sketches for a concept car that got cancelled or sketches that were proposed for a program(car) that were not chosen as a theme. It's not exactly like I'm giving away secrets when I send off my portfolio. Thanks for the tip on getting an admin password though.

>>725286553
Thats not crazy at all, just very time consuming.

>>725287073
>rendering software

it's photoshop, dude. Not exactly hard to get. I'm just talking about jpgs.

>>725287073
You serious?
You poor?
You stupid?
You stupid and poor?
Torrent last years version.

>>725287429

see
>>725286553

Who cares if it's time consuming, you've just wasted an hour talking on here about it.

Assuming the ports are disabled via group policy or other software, boot from a linux distro and copy the files to a USB stick.

If the software doesn't run, it can't block the ports.

>>725287557
Thats not a bad idea actually. Would they be able to tell if I ran linux for a bit?

>>725287727
Disconnect from network.

It will simply be like you shutdown your computer.

Can the USB ports be activated with the jumpers on the motherboard? Passwd protection could be still on but doesn't matter anymore. Reseal the screws afterwards.

>>725287557
>>725287727
>>725287815

>>725287557
Could you run the linux with liveCD?

>>725287815
brilliant. thank you sir.

>>725288096
Yep

>>725282838
my work does this. no restrictions on burning CDs though so I copy data that way.

>>725282838
Attach artwork to email with no recipient
Save as draft.
Log into email profile off site and download

>>725288578
I've heard of other guys doing this as well but wouldn't IT be able to tell that you uploaded something?

>>725288486
you can run a livecd but you can't burn the pictures on a cd? wat?

>>725288772
Well, if they've got absolute admin control of their email domain they'll be able to tell what ip address the download was made to, do you have access to a vpn?

>>725288851
I never mentioned burning pictures to a CD.

Once in linux, the USB ports should work.

>>725289033
OP here:
I don't but that wouldn't be a bad thing to have anyway.

>>725289316
But they'll still see the vpn access your email profile, unless you open a vpn connection from inside to an outside device, they'll see packets going out but won't be able to see what it is.

>>725289316
Also setting up a vpn on a ddwrt router is super easy and free.
I do residential IT on the side and have a vast array of vpn's if I need to obscure my location

>>725288851
The admin can disable burning option without disabling the CD/DVD player. Player is now read-only.

>>725289841
If you go through this much trouble, try Teamviewer portable and transfer the files to your home computer.

>>725289841
Thats a good tip, actually. Thanks.

I use Evernote all the time for docs. It syncs flawlessly across devices. If management asks, just tell them it's a to do list

CBA to read so idk if this was mentioned but every time you insert or remove any USB device, it's logged. If you did it before, you already left a trail.

Are you sure it's not a broken USB device or a broken USB port? Do your keyboard and mouse still work?

If your employer isn't ok with you moving your own work from the workplace to your house, my primary suggestion would be to just recreate it at your house and not risk losing your job over it.

Short of that, best deniability bet would be to rent a Russian-hosted VPS and a serve malware from it via a spoofed email to your address. Make it something akin to what Eastern European spear-phishing malware campaigns look like (fake job application with infected PDF/DOC, url to a JDB or similar victim-initiated attack vector). "Fall for it" and play dumb if you're caught.

File: 1471579674309.jpg (62KB, 736x736px) Image search: [Google]

62KB, 736x736px

>>725290934

This guy fucks!

>>725290934
>rent a Russian-hosted VPS and a serve malware from it via a spoofed email to your address.

They did exactly that just some years ago.

Doesn't work that well anymore because instead of ID'ing incoming shit, the scanners have advanced low level AI based blocks for sorting the incoming traffic. It's quite good nowadays and if the admin knows what he is doing, chances are this doesn't work anymore.

>>725290934
They upgrade our computers every couple of years so the new ones won't let you copy to a flash drive via usb. When I copied stuff it was from another person's machine that hadn't been swapped for a new one.

I can recreate how I laid images out on a page but recreating the actual sketch is pretty damn difficult. Remember this is artwork we are talking about here.

That last part is probably a little beyond my capabilities. I'm an artist/designer, not an engineer/programmer

>>725291490
krasivaya!

>>725283946
yes. this.

>>725291658
then hex encode your entire image file and send 1Kb blocks of it as a get parameter to a site you own that seems innocent and work-related (won't be on any blacklists provided the domain wasn't previously registered and is served from a reputable host) and reconstruct from apache logs later. E.g.

www.blahblahengineering.org/{first 1kb of your file in hex}
www.blahblahengineering.org/{second 1kb of your file in hex}
www.blahblahengineering.org/{third 1kb of your file in hex}
www.blahblahengineering.org/{Nth 1kb of your file in hex}

set the page to set a cookie and increment cookie each visit. have different content (all relevant to work) for each counter # in this cookie

>>725291490
Fucked once when I was 17 and haven't since then, so no, I've fucked, as in past-tense singular.

>>725290072
ok, makes sense
still surprising that third party boot is not protected/disabled in the bios then

>>725292663
he was quoting Silicon Valley but at least you're honest

>>725291658
problem with
>>725292447 ?