NT Object Insecurity
- Type
- Slides
- Tags
- Windows
- Authors
- Riley Hassell
- Event
- Source Conference Boston 2010
- Indexed on
- Mar 26, 2013
- URL
- http://www.sourceconference.com/bos10pubs/NT%20Object%20(In)Security.pdf
- File name
- NT%20Object%20(In)Security.pdf
- File size
- 599.3 KB
- MD5
- 4d983144dba9cbf018210455d4f5e781
- SHA1
- dce1b58377407acb314d261c23e7c72d9da93273
At the core of the Microsoft Windows operations system is the Object Manager. This subsystem is one of the most used and also least documented subsystems within Microsoft Windows. We use it for every action we perform. The management of all files, registry keys, shared memory, LPC ports, and many other object types are handled by the Object Manager. During this presentation we will discuss this subsystem in depth and how it affects the security of Windows applications. A new tool will be released, ObjectTrace, that can be used to enumerate the Windows objects that are created insecurely by targeted applications. After completing the introduction other advanced topics will be covered including new privilege escalation techniques and hardening strategies. While the methodologies are focused to Microsoft Windows they can be applied to any operating systems.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
