Showing posts with label windows. Show all posts

Thursday, March 7, 2013

Attacking the Windows 7/8 Address ASLR

The following text describes an attempt to circumvent Windows 7 and Windows 8 memory protections in order to execute arbitrary assembly code. The presented methods are particularly useful for client-side attacks such as those used in browser exploits.

The topic that is discussed is a very complex one. At the time I started the research I thought the idea behind the attack could be applied to real-world scenarios quickly and easily. I had to be convinced of the opposite.
The research was done without knowing much about the real internals of the Windows memory space protection, but rather using brute force and trial & failure in order to achieve what will be presented in the upcoming text. Be warned: the methods to attack the protection mechanisms presented here are not failsafe and can be improved. Though in many cases it is possible to completely bypass Windows 7 and especially Windows 8 ASLR by using the techniques.



Tuesday, February 26, 2013

Securing Windows with EMET


The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc. 

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

Wednesday, February 20, 2013

VMware DLL Injection

VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operating system authentication screen.
VMware handles the resources allocated to guest operating systems, including RAM memory. VMInjector injects a DLL library into the VMware process to gain access to the mapped resources. The DLL library works by parsing the memory space owned by the VMware process and locating the memory-mapped RAM file, which corresponds to the guest's RAM image. By manipulating the allocated RAM file and patching the function in charge of authentication, an attacker gains unauthorised access to the underlying virtual host.
VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operating systems. The in-memory patching is non-persistent, and rebooting the guest virtual machine will restore the normal password functionality.


Tuesday, February 19, 2013

Windows ASLR Analysis

Abstract: Address space layout randomization (ASLR) is a prophylactic security technology aimed at reducing the effectiveness of exploit attempts. With the advent of the Microsoft® Windows Vista operating system, ASLR has been integrated into the default configuration of the Windows® operating system for the first time. We measure the behavior of the ASLR implementation in the Windows Vista RTM release. Our analysis of the results uncovers predictability in the implementation that reduces its effectiveness.

Written by Ollie Whitehouse, Architect,
Symantec Advanced Threat Research

Download as PDF