> July, 2020 - Vinova - Page 8
Persistence – COM Hijacking | Penetration Testing Lab

Microsoft introduced Component Object Model (COM) in Windows 3.11 as a method to implement objects that could be used by different frameworks (ActiveX, COM+, DCOM etc.) and in different Windows environments, allowing interoperability, inter-process communication and code reuse. Abuse of COM objects enables red teams to execute arbitrary code on behalf of a trusted process. Administrator privileges are not required to perform COM Hijacking, since classes in the HKCU registry hive are executed prior to the classes in HKLM. The only exception affects high integrity (elevated) processes, whose objects are loaded only from the HKLM location to prevent elevation of privileges.

Code execution can be achieved in multiple ways, and there are several cases in which COM has been used in red teaming scenarios for persistence, lateral movement and defense evasion. Depending on how the malicious code will be executed, various registry sub-keys are used during COM Hijacking. These are:

The above sub-keys are under the following registry hives:

Discover COM Keys – Hijack

Identifying COM keys that could be used to conduct COM hijacking is trivial: Process Monitor is used to discover COM servers which are missing CLSIDs and which don't require elevated privileges (HKCU). Process Monitor can be configured with the following filters:

[Figure: COM Hijacking – Process Monitor Filters]

Opening files and executing tasks like a standard user will produce a list of COM keys that could be hijacked in order to load an arbitrary library into a trusted process.

[Figure: COM Hijacking – Process Monitor Results]

The results can be used directly or exported in various formats like CSV and XML. Process...