> July, 2020 - Vinova - Page 8
Persistence – COM Hijacking | Penetration Testing Lab

Microsoft introduced Component Object Model (COM) in Windows 3.11 as a method to implement objects that could be used by different frameworks (ActiveX, COM+, DCOM etc.) and in different Windows environments, allowing interoperability, inter-process communication and code reuse. Abuse of COM objects enables red teams to execute arbitrary code on behalf of a trusted process.

Administrator privileges are not required to perform COM Hijacking, since classes in the HKCU registry hive are executed prior to the classes in HKLM. The only exception affects high integrity (elevated) processes, whose objects are loaded only from the HKLM location to prevent elevation of privileges.

There are multiple methods by which execution of code can be achieved, and there are several cases in which COM has been used in red teaming scenarios for persistence, lateral movement and defense evasion. Depending on how the malicious code will be executed, various registry sub-keys are used during COM Hijacking. These are: The above sub-keys are under the following registry hives:

Discover COM Keys – Hijack

Identification of COM keys that could be used to conduct COM hijacking is trivial and requires the use of Process Monitor in order to discover COM servers which are missing CLSIDs and do not require elevated privileges (HKCU). Process Monitor can be configured with the following filters:

[Figure: COM Hijacking – Process Monitor Filters]

Opening files and executing tasks like a standard user will produce a list of COM keys that could be hijacked in order to load an arbitrary library into a trusted process.

[Figure: COM Hijacking – Process Monitor Results]

The results could be used directly or exported in various formats like CSV and XML. Process...
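The HKCU-before-HKLM lookup order described above can be audited from the defender's side by listing per-user class registrations and comparing them with the machine-wide ones. This PowerShell is an added example, not code from the original article; the `InprocServer32` and `LocalServer32` sub-key names and the function names are assumptions, since the article's own list of sub-keys does not appear on this page.

```powershell
# Added example: list per-user COM server registrations and flag those that
# override a machine-wide class of the same CLSID with a different binary.
# Assumption: InprocServer32 / LocalServer32 are the server sub-keys checked;
# the article's own sub-key list is not shown on this page.
$serverKeys  = 'InprocServer32', 'LocalServer32'
$userRoot    = 'HKCU:\Software\Classes\CLSID'
$machineRoot = 'HKLM:\Software\Classes\CLSID'

function Get-ComServerPath {
    param([string]$Root, [string]$Clsid, [string]$SubKey)
    $path = Join-Path (Join-Path $Root $Clsid) $SubKey
    # -LiteralPath is required: CLSID names contain braces.
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    # The unnamed (default) value of the sub-key holds the server binary path.
    (Get-Item -LiteralPath $path).GetValue('')
}

function Find-UserComRegistration {
    if (-not (Test-Path -LiteralPath $userRoot)) { return }
    foreach ($class in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
        $clsid = $class.PSChildName
        foreach ($sub in $serverKeys) {
            $userPath = Get-ComServerPath $userRoot $clsid $sub
            if ($null -eq $userPath) { continue }
            $machinePath = Get-ComServerPath $machineRoot $clsid $sub
            [pscustomobject]@{
                CLSID       = $clsid
                SubKey      = $sub
                UserPath    = $userPath
                MachinePath = $machinePath
                # True when the per-user entry takes precedence over a
                # different machine-wide server for the same class.
                ShadowsHKLM = ($null -ne $machinePath) -and ($machinePath -ne $userPath)
            }
        }
    }
}

# Shadowing entries first; review each UserPath for location and signature.
Find-UserComRegistration |
    Sort-Object ShadowsHKLM -Descending |
    Format-Table -AutoSize
```

Per-user installers legitimately register classes under HKCU, so the output is a review list, not a verdict; rows with `ShadowsHKLM` set and a `UserPath` in a user-writable directory deserve the first look.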