Design Pattern: Mitigating DLL Hijacking in Installers

About 'DLL Search Order Hijacking' vulnerability?

Windows systems use a standard method to look for required DLLs to load into a program. Adversaries may take advantage of the Windows DLL search order and programs that ambiguously specify DLLs to gain privilege escalation and persistence.

Categories: application security DLL Hijacking Privilege escalation Windows Security

Read More

'OAuth 2.0 & Security Considerations' @ OWASP/Null Delhi chapter meet

I gave this talk at OWASP/Null Delhi chapter meet. The session was around the OAuth 2.0 workflow and few security considerations that developers or security analyst needs to take care.

Event details: https://null.co.in/events/210-delhi-null-delhi-meet-30-july-2016-null-owasp-combined-meet

Categories: application security appsec null oauth oauth security owasp

Read More

'Security Automation Using ZAP' @ OWASP AppSec Europe '16

These are the slides from my lightning talk at OWASP AppSec Europe 2016. The session broadly consisted of:

- Quick run through of ZAP GUI
- Understanding what can be automated
- How to integrate ZAP with automation scripts
- Example scripts/Hands-on
- Some delicate considerations

Categories: application security appsec automation owasp owasp zap security automation zap

Read More

SSL Certificate pinning: Key Takways

There was a good discussion on OWASP-Leaders mailing list [0] some time ago regarding SSL certificate pinning in applications. 

I thought of summarizing a few key points to consider while opting for certificate pinning: 

Categories: application security appsec certificate pinning code signing Crypto Cryptography SSL Windows Security

Read More

Untangling some mess around SHA-1 Deprecation Policy on Windows

Windows recently announced updates to their SHA-1 deprecation policy [0]. According to the update, Win 7 and later platforms will no longer support SHA-1 certificate hash (CH) post 1st January 2016.  This means, all the binaries have to be signed with SHA2 after 1st Jan 2016 else Windows will pop up an alert!

Initially, this policy got me worried. WHY? Because as per [1], MS pushed SHA-2 support to Windows 7 and Windows Server 2008 R2 on 14/Oct/2014, that was later revoked due to some issues and re-pushed in their advisory KB3033929 [2] which was published on 10/Mar/2015 (Just a few months ago!).  So, all the users who aren't on KB3033929 will not be able to verify my valid SHA-2 certs? Yes, they can! Read on...

Categories: code signing Crypto Cryptography Windows Security

Read More

CVE-2015-2098: Analysis and Exploitation of eDVR Manager ActiveX control Vulnerability

In this post, we would be analyzing CVE-2015-2098, a stack buffer overflow vulnerability and will be building a robust exploit for Windows XP and Windows 7.

Reference: http://www.zerodayinitiative.com/advisories/ZDI-15-064

We would be exploiting this vulnerability using SEH overwrite technique and will further use some methods to circumvent exploit mitigation techniques like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

Categories: Debugging Exploit Analysis Exploit Development Reverse Engineering

Read More