Writing Secure Code (Vista).Pdf
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Attacker Antics Illustrations of Ingenuity
ATTACKER ANTICS ILLUSTRATIONS OF INGENUITY Bart Inglot and Vincent Wong FIRST CONFERENCE 2018 2 Bart Inglot ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Rock Climber ◆ Globetrotter ▶ From Poland but live in Singapore ▶ Spent 1 year in Brazil and 8 years in the UK ▶ Learning French… poor effort! ◆ Twitter: @bartinglot ©2018 FireEye | Private & Confidential 3 Vincent Wong ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Baby Sitter ◆ 3 years in Singapore ◆ Grew up in Australia ©2018 FireEye | Private & Confidential 4 Disclosure Statement “ Case studies and examples are drawn from our experiences and activities working for a variety of customers, and do not represent our work for any one customer or set of customers. In many cases, facts have been changed to obscure the identity of our customers and individuals associated with our customers. ” ©2018 FireEye | Private & Confidential 5 Today’s Tales 1. AV Server Gone Bad 2. Stealing Secrets From An Air-Gapped Network 3. A Backdoor That Uses DNS for C2 4. Hidden Comment That Can Haunt You 5. A Little Known Persistence Technique 6. Securing Corporate Email is Tricky 7. Hiding in Plain Sight 8. Rewriting Import Table 9. Dastardly Diabolical Evil (aka DDE) ©2018 FireEye | Private & Confidential 6 AV SERVER GONE BAD Cobalt Strike, PowerShell & McAfee ePO (1/9) 7 AV Server Gone Bad – Background ◆ Attackers used Cobalt Strike (along with other malware) ◆ Easily recognisable IOCs when recorded by Windows Event Logs ▶ Random service name – also seen with Metasploit ▶ Base64-encoded script, “%COMSPEC%” and “powershell.exe” ▶ Decoding the script yields additional PowerShell script with a base64-encoded GZIP stream that in turn contained a base64-encoded Cobalt Strike “Beacon” payload. -
Internet Explorer 9 Previewed 17 March 2010, by Lin Edwards
Internet Explorer 9 previewed 17 March 2010, by Lin Edwards translation necessary. This will improve performance because there is a massive difference in speed between compiled and interpreted code. This, and the speed gain by using the GPU, was demonstrated at the conference with a display of increasing numbers of spinning three-dimensional icons, which the IE9 preview could handle far better than any other browser. Since less of the first core of CPU is being used, the display is much faster, and will also allow developers to create a new class of Web applications. Another change in the new browser is an emphasis on browser interoperability, so that programs (PhysOrg.com) -- Microsoft has released the written for IE9 should run properly on other preview version of Internet Explorer 9, which has browsers as well. Hachamovitch said that as HTML5 integration, background compiled Internet Explorer supports more of the markups Javascript, and scalable vector graphics (SVG) used by websites, their Acid score will improve. capability. (This is a test run by W3C, the official Internet standards body.) The preview browser engine The preview code for the Internet browser’s scored 55 out of 100, which is a significant rendering engine was revealed at Microsoft’s improvement on the previous version’s score of 20. MIX10 developer conference in Las Vegas yesterday. The major goals for the new engine are It is not yet known when the new browser will be support for the emerging Web standards such as released as a beta or final version. Meanwhile, the SVG and HTML5, and greater speed. -
WSJ 2010. Microsoft Quashed Effort to Boost Online Privacy.Pdf
http://online.wsj.com/article/SB10001424052748703467304575383530439838568.html?mod=WSJ_hpp_LEADSecondNewsCollection#pr... WHAT THEY KNOW AUGUST 2, 2010 Microsoft Quashed Effort to Boost Online Privacy By NICK WINGFIELD The online habits of most people who use the world's dominant Web browser are an open book to advertisers. That wasn't the plan at first. In early 2008, Microsoft Corp.'s product planners for the Internet Explorer 8.0 browser intended to give users a simple, effective way to avoid being tracked online. They wanted to design the software to automatically thwart common tracking tools, unless a user deliberately switched to settings affording less privacy. That triggered heated debate inside Microsoft. As the leading maker of Web browsers, the gateway software to the Internet, Microsoft must balance conflicting interests: helping people surf the Web with its browser to keep their mouse clicks private, and helping advertisers who want to see those clicks. In the end, the product planners lost a key part of the debate. The winners: executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads. Microsoft built its browser so that users must deliberately turn on privacy settings every time they start up the software. Microsoft's original privacy plans for the new Explorer were "industry-leading" and technically superior to privacy features in earlier browsers, says Simon Davies, a privacy-rights advocate in the U.K. whom Microsoft consulted while forming its browser privacy plans. Most users of the final product aren't even aware its privacy settings are available, he says. -
Getting Started with Windows Scripting
Getting Started with Windows Scripting art I of the PowerShell, VBScript, and JScript Bible intro- IN THIS PART duces you to the powerful administrative tool that is Windows scripting. You’ll get an overview of Windows Chapter 1 P Introducing Windows Scripting scripting and its potential, and an introduction to three tech- nologies you can use for Windows scripting: VBScript, JScript, Chapter 2 and PowerShell. VBScript Essentials Chapter 3 JScript Essentials Chapter 4 PowerShell Fundamentals COPYRIGHTED MATERIAL 886804c01.indd6804c01.indd 1 11/21/09/21/09 11:16:17:16:17 PPMM 86804c01.indd 2 1/21/09 1:16:18 PM Introducing Windows Scripting indows scripting gives everyday users and administrators the ability to automate repetitive tasks, complete activities while IN THIS CHAPTER away from the computer, and perform many other time-saving W Introducing Windows scripting activities. Windows scripting accomplishes all of this by enabling you to create tools to automate tasks that would otherwise be handled manually, Why script Windows? such as creating user accounts, generating log files, managing print queues, or examining system information. By eliminating manual processes, you Getting to know can double, triple, or even quadruple your productivity and become more Windows Script Host effective and efficient at your job. Best of all, scripts are easy to create and Understanding the Windows you can rapidly develop prototypes of applications, procedures, and utili- scripting architecture ties; and then enhance these prototypes to get exactly what you need, or just throw them away and begin again. This ease of use gives you the flex- ibility to create the kinds of tools you need without a lot of fuss. -
Microsoft Patches Were Evaluated up to and Including CVE-2020-1587
Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability -
Verified Implementations of the Information Card Federated Identity
Verified Implementations of the Information Card Federated Identity-Management Protocol Karthikeyan Bhargavan∗ Cédric Fournet∗ Andrew D. Gordon∗ Nikhil Swamy† ∗Microsoft Research †University of Maryland, College Park ABSTRACT We describe reference implementations for selected configurations of the user authentication protocol defined by the Information Card Profile V1.0. Our code can interoperate with existing implemen- tations of the roles of the protocol (client, identity provider, and relying party). We derive formal proofs of security properties for our code using an automated theorem prover. Hence, we obtain the most substantial examples of verified implementations of crypto- graphic protocols to date, and the first for any federated identity- management protocols. Moreover, we present a tool that down- loads security policies from services and identity providers and Figure 1: InfoCard: Card-based User Authentication compiles them to a verifiably secure client proxy. Categories and Subject Descriptors and (2) to check consistency between the reference implementation and the informal specification in the same way as for any imple- D.2.4 [Software Engineering]: Software/Program Verification mentation, via interoperability testing with other implementations. This paper reports the techniques underpinning the most com- Security, Verification General Terms plex examples to date of such verified implementations. Keywords Information Card Profile V1.0 (InfoCard). We have built and Cryptographic protocol verification, Verified implementations, Web verified reference implementations of various configurations of the Services Security, Federated identity management, CardSpace. card-based user authentication protocol defined by the Information Card Profile V1.0 [InfoCard Guide, Nanda, 2006]. We refer to this 1. INTRODUCTION protocol as InfoCard. InfoCard is the core of a federated identity-management frame- Verified Reference Implementations of Protocols. -
Cardspace Web Integration
A Guide to Supporting Information Cards within Web Applications and Browsers as of the Information Card Profile V1.0 December 2006 Author Michael B. Jones Microsoft Corporation Copyright Notice © 2006 Microsoft Corporation. All rights reserved. Abstract The Identity Metasystem allows users to manage their digital identities from various identity providers and employ them in different contexts where they are accepted to access online services. In the Identity Metasystem, identities are represented to users as “Information Cards” (a.k.a. “InfoCards”). One important class of applications where Information Card- based authentication can be used is applications hosted on web sites and accessed through web browsers. This paper documents the web interfaces utilized by browsers and web applications that support the Identity Metasystem. The information in this document is not specific to any one browser or platform. This document supplements the information provided in two other Information Card Profile references: the Guide to the Information Card Profile V1.0 [InfoCard-Guide], which provides a non-normative description of the overall Information Card model, and the Technical Reference for the Information Card Profile V1.0 [InfoCard-Ref], which provides the normative schema definitions and behaviors referenced by the Guide to the Information Card Profile V1.0. Status The Information Card Profile V1.0 was used to implement Windows CardSpace V1.0, which is part of Microsoft .NET Framework 3.0 [.NET3.0], and Internet Explorer 7. Other implementations following these specifications should be able to interoperate with the Microsoft implementation. Version 1.0 Page 1 of 13 Table of Contents 1. Introduction 2. -
Case Study: Internet Explorer 1994..1997
Case Study: Internet Explorer 1994..1997 Ben Slivka General Manager Windows UI [email protected] Internet Explorer Chronology 8/94 IE effort begins 12/94 License Spyglass Mosaic source code 7/95 IE 1.0 ships as Windows 95 feature 11/95 IE 2.0 ships 3/96 MS Professional Developer’s Conference AOL deal, Java license announced 8/96 IE 3.0 ships, wins all but PC Mag review 9/97 IE 4.0 ships, wins all the reviews IE Feature Chronology IE 1.0 (7/14/95) IE 2.0 (11/17/95) HTML 2.0 HTML Tables, other NS enhancements HTML <font face=> Cell background colors & images Progressive Rendering HTTP cookies (arthurbi) Windows Integration SSL Start.Run HTML (MS enhancements) Internet Shortcuts <marquee> Password Caching background sounds Auto Connect, in-line AVIs Disconnect Active VRML 1.0 Navigator parity MS innovation Feature Chronology - continued IE 3.0 (8/12/96) IE 3.0 - continued... IE 4.0 (9/12/97) Java Accessibility Dynamic HTML (W3C) HTML Frames PICS (W3C) Data Binding Floating frames HTML CSS (W3C) 2D positioning Componentized HTML <object> (W3C) Java JDK 1.1 ActiveX Scripting ActiveX Controls Explorer Bars JavaScript Code Download Active Setup VBScript Code Signing Active Channels MSHTML, SHDOCVW IEAK (corporations) CDF (XML) WININET, URLMON Internet Setup Wizard Security Zones DocObj hosting Referral Server Windows Integration Single Explorer ActiveDesktop™ Navigator parity MS innovation Quick Launch, … Wins for IE • Quality • CoolBar, Explorer Bars • Componetization • Great Mail/News Client • ActiveX Controls – Outlook Express – vs. Nav plug-ins -
Security Policy Page 1 of 20
Security Policy Page 1 of 20 Security Policy This security policy contains data to configure services and network security based on the server’s role, as well as data to configure registry and auditing settings. Server: VENGWIN207 Services Service Name Startup Mode Description Issues, manages, and removes X.509 certificates for such applications such as Active Directory Certificate S/MIME and SSL. If the service is stopped, Disabled Services certificates will not be issued. If this service is disabled, any services that explicitly depend on it will fail to start. AD DS Domain Controller service. If this service is stopped, users will be unable to log Active Directory Domain Services Disabled on to the network. If this service is disabled, any services that explicitly depend on it will fail to start. AD FS Web Agent Authentication The AD FS Web Agent Authentication Service Disabled Service validates incoming tokens and cookies. Adobe Acrobat Updater keeps your Adobe Adobe Acrobat Update Service Automatic software up to date. Sends logging messages to the logging database when logging is enabled for the Active Directory Rights Management Services role. If this service is disabled or stopped AdRmsLoggingService Disabled when logging is enabled, logging messages will be stored in local message queues and sent to the logging database when the service is started. Processes application compatibility cache Application Experience Disabled requests for applications as they are launched Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this Application Host Helper Service Disabled service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work. -
Command-Line IP Utilities This Document Lists Windows Command-Line Utilities That You Can Use to Obtain TCP/IP Configuration Information and Test IP Connectivity
Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 Command-Line IP Utilities This document lists Windows command-line utilities that you can use to obtain TCP/IP configuration information and test IP connectivity. Command parameters and uses are listed for the following utilities in Tables 1 through 9: ■ Arp ■ Ipconfig ■ Netsh ■ Netstat ■ Pathping ■ Ping ■ Route ■ Tracert ARP The Arp utility reads and manipulates local ARP tables (data link address-to-IP address tables). Syntax arp -s inet_addr eth_addr [if_addr] arp -d inet_addr [if_addr] arp -a [inet_address] [-N if_addr] [-v] Table 1 ARP command parameters and uses Parameter Description -a or -g Displays current entries in the ARP cache. If inet_addr is specified, the IP and data link address of the specified computer appear. If more than one network interface uses ARP, entries for each ARP table appear. inet_addr Specifies an Internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -v Displays the ARP entries in verbose mode. -d Deletes the host specified by inet_addr. -s Adds the host and associates the Internet address inet_addr with the data link address eth_addr. The physical address is given as six hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Pyles, Carrell, and Tittel 1 Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 IPCONFIG The Ipconfig utility displays and modifies IP address configuration information. -
Windchill Web Browser Comparison Technical Brief
Windchill Web Browser Comparison Technical Brief Contents About This Document ........................................................................................... 2 Supported Releases and Products ................................................................................................ 2 Audience ........................................................................................................................................ 2 Challenge ............................................................................................................... 2 Solution ................................................................................................................. 4 The Role of the Web Browser in Windchill 10.0 ............................................................................ 4 Key Characteristics of the Web Browser for Windchill 10.0 .......................................................... 5 Web Browser Release Date ..................................................................................................... 7 Windchill 10.0 Web Browser Support ....................................................................................... 7 Windows Platform Support for Web Browsers ......................................................................... 7 Creo Elements/Pro 5.0, Pro/ENGINEER Wildfire 4.0, and Windchill Workgroup Manager Support ..................................................................................................................................... 7 Performance ............................................................................................................................ -
Winsock Is a Standard Application Programming Interface (API)
www.installsetupconfig.com An Intro to Windows Socket (Winsock2) Programming & C Language What do we have in this session? Winsock Headers and Libraries Initializing Winsock Error Checking and Handling Addressing a Protocol Addressing IPv4 Internet Addresses Some Note inet_ntoa() Function InetNtop() Function InetPton() Function Byte Ordering Creating a Socket Connection-Oriented Communication Server API Functions Binding, bind() Listening, listen() Accepting Connections, accept() Client API Functions TCP States connect() Data Transmission send() and WSASend() WSASendDisconnect() Out-of-Band Data recv() and WSARecv() WSARecvDisconnect() Stream Protocols Scatter-Gather I/O Breaking the Connection shutdown() closesocket() TCP Receiver/Server With select() Example TCP Sender/client Program Example Testing the TCP Client and Server Programs Testing the TCP Client and Server Programs in Private Network Connectionless Communication Receiver Sender Running Both the UDP Receiver/Server and UDP Sender/Client Testing the UDP Client and select Server Programs in Private Network Message-Based Protocols Releasing Socket Resources 1 www.installsetupconfig.com Miscellaneous APIs getpeername() getsockname() WSADuplicateSocket() Windows CE Conclusion The following figure shows the TCP/IP stack for computer communication. Starting with the Open System Interconnection (OSI) seven layers and the TCP/IP stack. The Winsock is a library used for network communication programming for Windows. 7 Application e.g. HTTP, SMTP, SNMP, FTP, Telnet, SSH and Scp, NFS, RTSP etc. 6 Presentation e.g. XDR, ASN.1, SMB, AFP etc. 5 Session e.g. TLS, SSH, ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP etc. 4 Transport e.g. TCP, UDP, RTP, SCTP, SPX, ATP etc. e.g. IP/IPv6, ICMP, IGMP, X.25, CLNP, ARP, RARP, BGP, OSPF, RIP, IPX, 3 Network DDP etc.