2 min
Microsoft
A Closer Look at February 2015's Patch Tuesday
This month's Patch Tuesday covers nine security bulletins from Microsoft,
including what seems like a not-very-unusual mix of remote code execution (RCE)
vulnerabilities and security feature bypasses. However, two of these bulletins –
MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and
MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] –
require a closer look, both because of the severity of the vulnerabilities that
they address and the changes Mi
8 min
Windows
12 Days of HaXmas: Does it Blend Like a Duck?
This post is the fifth in a series, 12 Days of HaXmas, where we take a look at
some of the more notable advancements and events in the Metasploit Framework over
the course of 2014.
Writing portable software is not hard. It's just like walking through a
minefield! Getting to the other side, that's the tricky part.
Sure, if you target C, Unix-like systems and GCC or LLVM, you may not run into
too many hassles these days. There are still a few annoying differences between
BSDs and Linux, but POSIX a
1 min
Windows
Mitigating Service Account Credential Theft
I am excited to announce a new whitepaper, Mitigating Service Account Credential
Theft on Windows
[https://hdm.io/writing/Mitigating%20Service%20Account%20Credential%20Theft%20on%20Windows.pdf].
This paper was a collaboration between myself, Joe Bialek of Microsoft, and
Ashwath Murthy of Palo Alto Networks. The executive summary is shown below:
Over the last 15 years, the Microsoft Windows ecosystem has expanded with the
meteoric rise of the internet, business technology, and computing in gene
3 min
Microsoft
It's the end of XP as we know it, April Patch Tuesday 2014, and, oh yeah... heartbleed.
So this is it, the last hurrah for the once beloved XP, the last kick at the can
for patching up the old boat. Sure, by today's standards it's a leaky,
indefensible liability, but… hey, do you even remember Windows 98? Or (*gasp*)
ME? At least we can all finally put IE 6 to rest, once and for all; the final
excuse for corporate life-support has been pulled… except for legacy apps built
so poorly that they depend on IE 6 and are “too costly” to replace.
As everyone should know by now, ther
3 min
Microsoft
Patch Tuesday, Sept 2013
September's Patch Tuesday is live! The 14 bulletins predicted were cut to 13,
with the .NET patch landing on the cutting room floor. A patch getting pulled
after the advance notice is up usually indicates that late testing revealed an
undesired interaction with another product or component.
Of the 13 bulletins remaining, they are split 7/6 between the MS Office family
and Windows OS patches, if we are counting the Internet Explorer patch as part
of the OS patching, anti-trust lawsuits notwiths
6 min
Metasploit
Abusing Windows Remote Management (WinRM) with Metasploit
Late one night at Derbycon [https://www.derbycon.com/], Mubix
[https://twitter.com/mubix] and I were discussing various techniques of mass
ownage. When Mubix told me about the WinRM service, I wondered: "Why don't we
have any Metasploit modules for this yet?" After I got back, I began digging.
WinRM/WinRS
WinRM is a remote management service for Windows that is installed but not
enabled by default in Windows XP and higher versions, but you can install it on
older operating systems as well. Win
5 min
Metasploit
Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering
As of a few days ago [https://github.com/rapid7/metasploit-framework/pull/98],
the Metasploit Framework has full read-only access to offline registry hives.
Within Rex you will now find a Rex::Registry namespace that will allow you to
load and parse offline NT registry hives (includes Windows 2000 and up),
implemented in pure Ruby. This is a great addition to the framework because it
allows you to be sneakier and more stealthy while gathering information on a
remote computer. You no longer need
2 min
Patch Tuesday
January Patch Tuesday Roundup
So I know we all were hoping to see a fix for some of this Windows Graphic
Rendering Engine [http://] nastiness...but no go. For now, you'll need to resort
to the good ol' FixIt [http://support.microsoft.com/kb/2490606] option or if you
wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly.
Either way, if you're running IE, you'll have to patiently wait for the official
patch release.
So this monthly release was lean-n-mean: Microsoft released (2) bulletins,
addressing (3)