Captain Hook

More documents

Recommendations

Info

The 6 security issues of hooking
#1 – UNSAFE INJECTION Severity: Very High Affected Systems: All Windows Versions Occurs due to bad DLL injection implementation • We found 2 types of unsafe injections: • LoadLibrary from a relative path – vulnerable to DLL Hijacking • Unprotected injected DLL file – placed in %appdata%\Local\Vendor Can easily be replaced by the attacker
Page 1 and 2: Captain Hook: Pirating AVS to Bypas
Page 3 and 4: AGENDA • Hooking In a Nutshell
Page 5 and 6: SCOPE OF RESEARCH • Our research
Page 7 and 8: INLINE HOOKING - 32-BIT FUNCTION HO
Page 15 and 16: INLINE HOOKING - RECAP • Inline h
Page 17 and 18: INTRODUCTION - KERNEL-TO-USER CODE
Page 19 and 20: INJECTION METHODS - USER APC Basic
Page 21 and 22: INJECTION METHODS - ENTRY POINT PAT
Page 27 and 28: INJECTION METHODS - IMPORT TABLE PA
Page 29 and 30: INJECTION METHODS - NTDLL.DLL/USER3
Page 31 and 32: INJECTION METHODS - NTDLL.DLL/USER3
Page 33: INJECTION METHODS - QUICK SUMMARY
Page 37 and 38: #3 - PREDICTABLE R-X CODE STUBS Sev
Page 39 and 40: #5 -RWX CODE STUBS Severity: Medium
Page 41 and 42: SECURITY ISSUES OF HOOKING - RECAP
Page 43 and 44: 3 rd Party Hooking Engines
Page 45 and 46: EASYHOOK - OPEN-SOURCE HOOKING ENGI
Page 47 and 48: MADCODEHOOK - POWERFUL COMMERCIAL H
Page 49 and 50: MICROSOFT DETOURS VULNERABILITY - I
Page 51 and 52: AFFECTED PRODUCTS * Patch wasn’t
Page 53 and 54: Research Tools
Page 55 and 56: RESEARCH TOOLS - HOOKS SCAN • Too
Page 57: Contact Us: Udi, udi@ensilo.com Tom

Captain Hook

Create successful ePaper yourself

Delete template?

Save as template?