
Windows File Pseudonyms: Pwnage and Poetry

Type: Slides
Tags: exploiting, Windows
Authors: Dan Crowley
Event: Source Conference Boston 2010
Indexed on: Mar 26, 2013
URL: http://www.sourceconference.com/bos10pubs/Windows%20File%20Pseudonyms.pptx
File name: Windows%20File%20Pseudonyms.pptx
File size: 709.7 KB
MD5: c53ee84bd5e0da7f1e50aca84246b323
SHA1: cf6ae9b3fae6b40eb45e94e60b6051171aca2198

In Windows systems, path and filename normalization routines have some interesting quirks. One file can be referred to with many different filepaths; some are well known, and some are not. The lesser known ways to refer to files are not often considered when designing security mechanisms. By referring to files in these strange ways one can, in many circumstances, cause unexpected behaviour in systems which do not account for alternate prefixes, aliases and mangled versions of filenames. In this presentation, I will show some of these quirks with a live demonstration on real products and how techniques based on these quirks can be used to bypass filters and access control mechanisms, evade IDS detection, alter the way that files are handled and processed, and make brute force attacks to enumerate files easier. This presentation will also feature the release of a new tool.
