Archive for the ‘Windows’ Category

Windows 7 UAC bypass

September 11, 2013
Categories: C/C++, Windows

Learn and assess your SysInternals skills

September 8, 2013

Microsoft Premier Field Engineers step through a technical deep dive on using the SysInternals tools. This course focuses on the key administrative and diagnostic utilities and covers key insights and best practices.

Categories: OS Internals, Windows

Another way to use the PATH to hack exes

September 6, 2013

The idea is to modify the PATH so that it points to an SMB share from which common DLLs are loaded first.

Categories: Windows

CodeMachine’s great articles on Windows internals

August 7, 2013

CodeMachine has a collection of excellent articles on Windows internals topics.

Categories: Tech, Windows

smbexec is awesome

July 17, 2013

Great article:

This post will show you how to verify whether an account has remote login capabilities and whether a domain admin account can be leveraged from the systems on the network. We are working on a Metasploit module, but currently the functionality only exists in smbexec (v1.2.2).

More information:

smbexec – Tutorial for System Enumeration Options

Categories: Linux, Tech, Windows

Creating a Windows anti-virus engine

July 16, 2013

Ever wondered how to create an AV engine on Windows? Well wonder no more!

Great article that includes C/C++ code and also demonstrates good places to search for rootkits.

When roaming around the techie forums, I often see people (many of them not very experienced) asking “How do I make an antivirus?”, sometimes in not very suitable languages (bat, PHP, …) and with a wrong idea of what an antivirus is and how it should be built.

I’ve also seen many “antivirus programs” made by kiddies, with very few still-at-school people and about 4 hours per day of coding over several weeks. I’m not saying kiddies are not skilled, but I am saying that building an antivirus engine needs either a lot of skilled people with full-time jobs plus a lot of time to release decent software, or a lot of money to pay them :) (in case they are not volunteers).

So, I’ll cover here the guidelines for basic antivirus coding, for Windows and in C/C++. One can find here the pointers for designing an antivirus engine, or simply learn how most of them are built.

Categories: Tech, Windows

[link] Securing Microsoft Windows 8: AppContainers

July 8, 2013

There is a surprising lack of good, independent, and technical detail about Windows 8 and Windows Phone 8 architecture.

This paper is very informative and has some technical information about Windows 8 that was news to me.

Recently, we have been conducting an analysis concerning the new Windows 8 security features. There are few documents available on the Internet about this topic, and none of them explains the entire implementation in detail.

The paper has been divided into two parts because of the complexity of the topic. Microsoft engineers have done an impressive job of improving their Operating System’s security. They implemented the so-called “mitigations”. The term is used to indicate a new specific security feature whose aim is to make a possible attack more difficult.

Our analysis and tests show that Microsoft engineers have done a great job in creating a sandboxed environment for their Operating System’s new application type. We have seen that it’s possible to create OS-based sandboxed environments even for standard Win32 programs. The main problem is that there is no documentation about it. We are wondering why MS doesn’t release proper documentation about AppContainer and Lowbox tokens.

Furthermore, we have concluded that in the current OS implementation there are only a few capabilities available. We hope that Microsoft will release a complete set of capabilities for each Operating System component in the next Windows 8.1 OS.

I developed a simple application able to define an AppContainer package, to create the proper directories and objects, and to launch standard Win32 applications under an OS sandboxed environment.

Categories: Tech, Windows

Tavis Ormandy: Introduction to Windows Kernel Security Research

May 27, 2013

Great information, and a challenge, from security researcher Tavis Ormandy.

Categories: Tech, Windows

OSR Driver Loader

April 29, 2013

If you do any Windows driver development or testing, the OSR Driver Loader is essential… and free.

New and Improved V3.0! Installing and starting NT kernel-mode drivers can be a hassle. This is especially true during the development stage of a project, before you’ve built an attractive GUI-based custom installation program. Now, OSRLOADER eliminates your trouble.

This GUI-based tool will make all the appropriate registry entries for your driver, and even allow you to start your driver without rebooting. It’s even got a help file, for goodness’ sake! If you write drivers, this is another one of those utilities that’s a must-have for your tool chest. x86 architecture.

Categories: C/C++, Programming, Tech, Windows

API Hooking in Python

April 21, 2013

Some very cool Python that performs in-process patching and installs trampolines to hook Windows APIs.