nobunkum.ru
COM Hijacking, or DLL Hijacking come back
http://www.nobunkum.ru/analytics/en-com-hijacking
On guns, germs, and steel of the digital age. Exploit.SWF.Agent.br. COM Hijacking, or DLL Hijacking come back. The essence of the COM-Server Based Binary Planting attack. Conditions of a successful attack. Analysis of the program verclsid.exe and ways to circumvent it. In order to answer that question, let's examine the OLE COM mechanism used in Windows. The article is also available in Russian. 1 Binary Planting - The Official Web Site. Or Component Object Model. Is an instance of a coclass in memory.
blog.acrossecurity.com
ACROS Security Blog: 05/01/2011 - 06/01/2011
http://blog.acrossecurity.com/2011_05_01_archive.html
Tuesday, May 24, 2011. The Anatomy of COM Server-Based Binary Planting Exploits. May 6, 2011 update: we published a proof of concept for this vulnerability. Last week at the Hack In The Box conference in Amsterdam we presented some techniques for advanced exploitation of binary planting bugs. The stage was set by our previous blog post. The Magic Of Special Folders. One of the elements we used in our exploits were Windows special folders. Note that the CLSID must be the extension of the folder name, i...
rwnin.blogspot.com
rwnin security: 'confused deputy' persistence mechanism: binary planting
http://rwnin.blogspot.com/2011/10/confused-deputy-persistence-mechanism.html
Infosec stuff on the bound. Monday, October 3, 2011. 'Confused deputy' persistence mechanism: binary planting. So this is not a new idea really, but mb worth a little thought/exploration. Most of the recent-ish binary planting research seemed to focus on remote code execution attacks, but sometimes you don't need remote root. Some ppl say this attack is old news and lame, but then other people say 'whatever lands me shell'. Binary planting came up in the adaptive pentest talk at DerbyCon. When you're digg...
rewtdance.blogspot.com
rewt dance: September 2013
http://rewtdance.blogspot.com/2013_09_01_archive.html
Thursday, 5 September 2013. IKEEXT Windows Local Privilege Escalation. A while ago High-Tech Bridge posted a notification of an issue affecting Vista to 2008 (the service exists in Windows 8 but I haven't checked it) which leads to a Local Privilege Escalation to SYSTEM. By creating the missing DLL even if the user cannot start the service they will likely be able to reboot the machine, catching the SYSTEM shell when it reboots. You can find other exploits using techniques like this. Is also worth a read.
blog.acrossecurity.com
ACROS Security Blog: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
http://blog.acrossecurity.com/2010/10/how-visual-studio-makes-your.html
Monday, October 18, 2010. How Visual Studio Makes Your Applications Vulnerable to Binary Planting. Creating a Binary Planting-Positive Application Without Writing a Single Line of Code. As attendees of the Hack In The Box conference learned last week, Microsoft Visual Studio makes it possible to develop a binary planting-positive (i.e., vulnerable) application without you having to write a single line of code in just 34 seconds. Let's look at the video first. From the same directory. Resulting in a bin...
blog.acrossecurity.com
ACROS Security Blog: 07/01/2011 - 08/01/2011
http://blog.acrossecurity.com/2011_07_01_archive.html
Friday, July 8, 2011. Binary Planting Goes "Any File Type". File Planting: A Sample From Our Security Research. It's been almost a year since we revealed our Binary Planting research project, which identified 520 remote execution vulnerabilities in almost all Windows applications. During this period, hundreds of binary planting vulnerabilities have been publicly reported and some have actually been fixed. We went further and "extended" the problem to all file types. Java Hotspot VM Configuration Files.
blog.acrossecurity.com
ACROS Security Blog: 10/01/2011 - 11/01/2011
http://blog.acrossecurity.com/2011_10_01_archive.html
Thursday, October 20, 2011. Google Chrome pkcs11.txt File Planting. A Vuln, Or Not A Vuln, That Is The Question. Update 10/27/2011: Chrome 15, released two days ago, makes this bug even harder to exploit as its phishing and malware protection is enabled by default in Chrome's Under the Hood. In order for this bug to be exploitable... Thirty days ago our company notified Google about a peculiar behavior of Chrome browser. File is called library. Consider the following line in pkcs11.txt. This line will inst...
rewtdance.blogspot.com
rewt dance: IKEEXT Windows Local Privilege Escalation
http://rewtdance.blogspot.com/2013/09/ikeext-windows-local-privilege.html
Thursday, 5 September 2013. IKEEXT Windows Local Privilege Escalation. A while ago High-Tech Bridge posted a notification of an issue affecting Vista to 2008 (the service exists in Windows 8 but I haven't checked it) which leads to a Local Privilege Escalation to SYSTEM. By creating the missing DLL even if the user cannot start the service they will likely be able to reboot the machine, catching the SYSTEM shell when it reboots. You can find other exploits using techniques like this. Is also worth a read.
0patch.blogspot.com
0patch Blog: June 2016
https://0patch.blogspot.com/2016_06_01_archive.html
Welcome to the era of vulnerability micropatching. Monday, June 20, 2016. New Release: 0patch Agent 2016.06.14.850. We released a new build of 0patch Agent for Windows today. There are two reasons for this: we'd like to test the updating mechanism with our beta users; and we have fixed a couple of issues reported by our beta users, plus a few minor issues we had on our own hit list. The two issues reported by our beta users were: ... Of Zero Science Lab. Root, which would effectively make this a non-issue...
blog.acrossecurity.com
ACROS Security Blog: 01/01/2011 - 02/01/2011
http://blog.acrossecurity.com/2011_01_01_archive.html
Tuesday, January 11, 2011. How To Secure a Security Product. And Whose Bug Is It, Anyway? Our company issued a security advisory today about a binary planting vulnerability in multiple F-Secure products, including F-Secure Internet Security 2011. Second, the remotely exploitable code-execution bug was not "developed" by the vendor's developers: it resided in Nokia's Qt. How can you even know? And who will be to blame for these bugs in your product? They need to have their own code reviewed by either i...