> July, 2020 - Vinova - Page 8
Persistence – COM Hijacking | Penetration Testing Lab


Microsoft introduced the Component Object Model (COM) in Windows 3.11 as a method of implementing objects that can be used by different frameworks (ActiveX, COM+, DCOM etc.) and in different Windows environments, allowing interoperability, inter-process communication and code reuse. Abuse of COM objects enables red teams to execute arbitrary code on behalf of a trusted process. Administrator privileges are not required to perform COM Hijacking, since classes in the HKCU registry hive are executed prior to the classes in HKLM. The only exception affects high integrity (elevated) processes, whose objects are loaded only from the HKLM location to prevent elevation of privileges. There are multiple methods by which execution of code can be achieved, and there are several cases in which COM has been used in red teaming scenarios for persistence, lateral movement and defense evasion.

Depending on how the malicious code will be executed, various registry sub-keys are used during COM Hijacking. These are:

The above sub-keys are under the following registry hives:

Discover COM Keys – Hijack

Identification of COM keys that could be used to conduct COM hijacking is trivial and requires the use of Process Monitor in order to discover COM servers which are missing CLSIDs and don't require elevated privileges (HKCU). Process Monitor can be configured with the following filters:

[Figure: COM Hijacking – Process Monitor Filters]

Opening files and executing tasks like a standard user will produce a list of COM keys that could be hijacked in order to load an arbitrary library into a trusted process.

[Figure: COM Hijacking – Process Monitor Results]

The results could be used directly or exported in various formats like CSV and XML. Process...
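
The HKCU-before-HKLM lookup order described above can also be audited from the defender's side. The following Python code is an added example, not code from the original post: it parses the text printed by `reg query HKCU\Software\Classes\CLSID /s` and the HKLM equivalent and reports per-user COM server registrations that override, or have no, machine-wide counterpart. English-locale `reg` output is assumed, and the GUIDs and paths in the sample data are constructed.

```python
import re
# Server sub-key of a CLSID, as printed by `reg query <hive>\Software\Classes\CLSID /s`.
KEY_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(InprocServer32|LocalServer32)$", re.I)
# Default value line, e.g. "    (Default)    REG_SZ    C:\path\server.dll" (English locale).
VAL_RE = re.compile(r"^\s+\(Default\)\s+REG_(?:EXPAND_)?SZ\s+(.*\S)\s*$")

def parse_servers(reg_output):
    """Return {(clsid, subkey): server_path} from `reg query ... /s` text."""
    servers, current = {}, None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            m = KEY_RE.search(line.rstrip())
            current = (m.group(1).upper(), m.group(2).lower()) if m else None
        elif current:
            v = VAL_RE.match(line)
            if v:
                servers[current] = v.group(1)
    return servers

def find_shadowing(hkcu_output, hklm_output):
    """Report per-user COM servers that differ from, or lack, an HKLM registration."""
    user, machine = parse_servers(hkcu_output), parse_servers(hklm_output)
    findings = []
    for key, path in sorted(user.items()):
        hklm_path = machine.get(key)
        if hklm_path is not None and hklm_path.lower() == path.lower():
            continue  # same server in both hives, nothing is overridden
        kind = "user-only" if hklm_path is None else "shadows-hklm"
        findings.append({"clsid": key[0], "subkey": key[1], "kind": kind,
                         "hkcu": path, "hklm": hklm_path})
    return findings

# Constructed sample exports: GUIDs and paths are made up for illustration.
HKCU_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32
    (Default)    REG_SZ    C:\Users\alice\AppData\Roaming\cache\helper.dll
    ThreadingModel    REG_SZ    Apartment
HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32
    (Default)    REG_SZ    C:\Program Files\Vendor\sync.dll
"""
HKLM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32
    (Default)    REG_SZ    C:\Windows\System32\helper.dll
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32
    (Default)    REG_SZ    C:\Program Files\Vendor\sync.dll
"""

if __name__ == "__main__":
    print(*find_shadowing(HKCU_SAMPLE, HKLM_SAMPLE), sep="\n")
```

Legitimate software also registers per-user COM classes, so each finding needs triage against the location and signer of the referenced file.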