using System.NetCore; var service = CustomWindowsServices.Create(config); service.Run();

Output: Creating Windows Services with . Core

CS7036: There is no argument given t Christopher Brown Who Am I Who Am I?

Developer: Smart Data

IT Support: The Little Woodshop on Main

Former NSA Cyber Intel What Are Windows Service?

Windows ≈ Daemons - a process that runs in the background - non interactive - no direct control terminal Equivalent in other OS - Windows: Service - macOS: - Linux: Daemon System Service Management - Windows: - macOS: launchd - Linux: systemd Service Control Manager

[run] => services.msc Examples of Services

- Updaters - DNS Client Service - System Monitoring - Job Scheduler

- KEY LOGGERS - MALWARE - SPYWARE - VIRUSES Vista Service Hardening

Session 0 Isolation - Prevent Shatter Attacks

Running with Least Privilege

Restricted Network Access

Service Isolation - Service Identity [SID]

Session Isolation prevents malicious services obtaining elevated permissions Session 0 Isolation and Shatter Attacks

SYSTEMAD

USER Session 0

Message Loop Shatter Attack ADMIN

SERVICE {ADMIN} Session 0 Isolation and Shatter Attacks

USER Session 1

Message Loop Shatter Attack LOCAL

SERVICE {LOCAL}

ADMIN SERVICE {NETWORK} Def Con 12: Brett Moore – Shoot The Messenger Using Windows Messages to Exploit Local win32

SERVICE {SYSTEM} Services in .net Framework

Services in .net Framework Core

Windows Compatibility Pack - provides access to framework (20,000) - including Windows Services

Worker Service Template [core 3.0] - there was* no service template for core - needs some dependencies * Rules and Best Practices

NO User Interface / Interaction Remove Assert Statements Run with Minimal User Rights - Do NOT CHANGE default logon security policy Avoid reliance on USER profile

Do not bundle unrelated tasks in single service - SOLID – Single Responsibility Principle Compatibility Pack

Installing .net Core Service

.net Framework Produces exe .net Core Produces .dll

Publish .dll to .exe - cmd.exe as Admin - Navigate to folder containing csproj - dotnet publish --configuration release Install Service - cmd.exe as Admin - sc create [serviceName] binPath=“{location of exe}” - sc [serviceName]

Uninstalling .net Core Service

- sc delete [serviceName]

Other cmd Service Commands

- sc start [serviceName]

- sc stop [serviceName]

- sc query [serviceName]

- sc

Topshelf Topshelf

Formerly only Framework

.net Core Compatible - v4.1 - 9/19/2018

Requires Compatibility Pack

Topshelf Installer

Publish .dll to .exe - cmd.exe as Admin - Navigate to folder containing csproj - dotnet publish -r win-x64 -c release - r: runtime win-x64 - c: configuration Release

Install Service - cmd.exe as Admin - Navigate to folder containing published exe - {serviceExe} install - {serviceExe} start - {serviceExe} stop Worker Service Template Worker Service

Creates ASP.NET Core Worker Service Template - uses IHostedService - need Microsoft.Extensions.Hosting.WindowsServices - exposes OnStart() OnStop() from ServiceBase

Review

What a Windows Service is

Service Control Manager Brief History .net Framework Template .net Core Long Hand => Compatibility Pack .net Core Short Hand => Topshelf .net Core New Hotness => Worker Service Template ?

Github / LinkedIn: cdbrown0032 Email: [email protected]