windows

93 Articles

From XP To 10, DoubleAgent Pwns All Your Windows?

March 22, 2017 by 39 Comments

The Cybellum team published a new 0-day technique for injecting code and maintaining persistency on a target computer, baptized DoubleAgent. This technique uses a feature that all Windows versions since XP provide, that allows for an Application Verifier Provider DLL to be installed for any executable. The verifier-provider DLL is just a DLL that is loaded into the process and is supposedly responsible for performing run-time verifications for the application. However, its internal behaviour can be whatever an attacker wants, since he can provide the DLL himself.

Microsoft describes it as:

Application Verifier is a runtime verification tool for unmanaged code. Application Verifier assists developers in quickly finding subtle programming errors that can be extremely difficult to identify with normal application testing. Using Application Verifier in Visual Studio makes it easier to create reliable applications by identifying errors caused by heap corruption, incorrect handle and critical section usage. (…)

The code injection occurs extremely early during the victim’s process initialization, giving the attacker full control over the process and no way for the process to actually detect what’s going on. Once a DLL has been registered as a verifier provider DLL for a process, it would permanently be injected by the Windows Loader into the process every time the process starts, even after reboots, updates, reinstalls, or patches.

So it’s all over for Windows right? Well… no. The thing is, to register this DLL, the registered process has to have administrator rights so it can write the proper key to the Windows Registry. Without these permissions, there is no way for this attack to work. You know, the kind of permissions that allow you to install software for all users or format your own hard-drive. So, although this technique has its merit and can present challenges to processes that absolutely must maintain their integrity (such as the Cybellum team points out in the Anti-Virus software case), some other security flaw had to occur first so you can register this sort of ‘debugging DLL’.

If you already have administrator permissions you can do pretty much what you want, including DLL injection to fool anti-virus software. (Though it might be easy just to disable or remove it.)  This new tool has the advantage of being stealthy, but is a 0-day that requires root a 0-day?

[via The Hacker News]

Script Your Way Out Of Video Editing Drudgery

November 26, 2016 by 12 Comments

[Victor Frost] has a deep voice and a fancy top of the line camera. While one would assume this to be a more than generous situation for life to put a person in; it’s got its own set of problems. Mainly that his fantastic fancy camera uses the most modern version of the popular h.264 encoding scheme, h.265. Gasp!

While that too seems like a pro, unfortunately h.265 doesn’t play as nice with his editing software. The solution seems easy, just transcode it and get on your way. However, when you start talking about transcoding 4K video from a top-of-the line source and retaining the quality. Well… It can bring a processor to its knees. Since he’d rather be playing overwatch than transcoding video on his main computer, he decided to offload and automate the drudgery to his spare.

That’s how the Ingest-a-Tron 9000 came into play. It uses a lot of open source software and, yes, windows batch files to take the files off his camera, process it on one computer, and dump it to another. Now he can game (or edit) while he waits. For those of us who are estranged from Linux thanks to our favorite software, it’s good to know that there are still ways to automate away the pain. Video after the break.

Continue reading “Script Your Way Out Of Video Editing Drudgery”

Make Any PC A Thousand Dollar Gaming Rig With Cloud Gaming

October 19, 2016 by 71 Comments

The best gaming platform is a cloud server with a $4,000 dollar graphics card you can rent when you need it.

[Larry] has  done this sort of thing before with Amazon’s EC2, but recently Microsoft has been offering a beta access to some of NVIDIA’s Tesla M60 graphics cards. As long as you have a fairly beefy connection that can support 30 Mbps of streaming data, you can play just about any imaginable game at 60fps on the ultimate settings.

It takes a bit of configuration magic and quite a few different utilities to get it all going, but in the end [Larry] is able to play Overwatch on max settings at a nice 60fps for $1.56 an hour. Considering that just buying the graphics card alone will set you back 2500 hours of play time, for the casual gamer, this is a great deal.

It’s interesting to see computers start to become a rentable resource. People have been attempting streaming computers for a while now, but this one is seriously impressive. With such a powerful graphics card you could use this for anything intensive, need a super high-powered video editing station for a day or two? A CAD station to make anyone jealous? Just pay a few dollars of cloud time and get to it!

Automate Git And Upgrade Your Battle Station With A Custom Peripheral

September 13, 2016 by 56 Comments

[mfaust] wakes up in the morning like a regular person, goes to work like a regular person, types in tedious commands for his software versioning utilities like a regular person, and then, as a reward, gets his coffee, just like rest of us. However, what if there was a way to shorten the steps, bringing us all closer to the wonderful coffee step, without all those inconvenient delays? Well, global industry is trying its best to blot out the sun, so mornings are covered there. [Elon Musk’s] thinktank proposed the hyperloop, which should help with the second step. [mfaust] built a control station for his versioning software. Raise your cup of joe high for this man’s innovative spirit.

He first laid out all the buttons, LED lights, and knobs he’d like on a panel to automate away his daily tasks. Using photoshop he ended up with a nice template. He laminated it to the top of a regular project box and did his best to drill holes in the right places without a workshop at his command. It’s pretty good looking!

Since this is the sort of thing an Arduino is best at he, in a mere two tries, wired everything up in such a way that it would all cram into the box. With everything blinking satisfactorily and all the buttons showing up on the serial out, he was ready for the final step.

Being a proficient and prolific enough developer to need a control panel in the first place, like a sort of software DJ, he wrote a nice interface for it all. The Arduino sits and waits for serial input while occasionally spitting out a packet of data describing its switch status. A Java daemon runs in the background of his computer. When the right bits are witnessed, a very nicely executed on screen display reports on the progress of his various scripts.

Now he can arrive at the hyperloop terminal during the appropriate work time slot in Earth’s perpetual night. After which he simply walks up to his computer, flips a few switches, glances quickly at the display for verification, and goes to drink some nice, hydroponically grown, coffee. Just like the rest of us.

Shell Game

August 30, 2016 by 56 Comments

A lot of us spend a lot of time switching between Windows and Linux. Now that platforms like the Raspberry Pi are popular, that number is probably increasing every day. While I run Linux on nearly everything I own (with the exception of a laptop), my work computers mostly run Windows. The laptop is on Windows, too, because I got tired of trying to get all the fancy rotation sensors and pen features working properly under Linux.

What I hate most about Windows is how hard is it to see what’s going on under the hood. My HP laptop works with a cheap Dell active stylus. Sort of. It is great except around the screen edges where it goes wild. Calibration never works. On Linux, I could drill down to the lowest levels of the OS if I were so inclined. With Windows, it is just tough.

War is Shell

One place where Linux always used to have an advantage over DOS and Windows was the shell. There are lots of variations available under Linux, but bash seems to be the current pick for most people. If you want more power, you can move to some alternatives, but even bash is pretty powerful if you learn how to use it and have the right external programs (if you don’t believe it, check out this web server).

Continue reading “Shell Game”

Microsoft Live Account Credentials Leaking From Windows 8 And Above

August 2, 2016 by 62 Comments

Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user’s Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account).

Continue reading “Microsoft Live Account Credentials Leaking From Windows 8 And Above”

Compact Controllers Automate Window Blinds

May 24, 2016 by 26 Comments

Commercially available motorized window blinds are a nice high-end touch for today’s automated home, but they tend to command a premium price. Seems silly to charge so much for what amounts to a gear motor and controller, which is why [James Wilcox] took matters into his own hands and came up with this simple and cheap wireless blind control.

[James] started his project the sensible way, with a thorough analysis of the problem. Once COTS alternatives were eliminated – six windows would have been $1200 – he came up with a list of deliverables, including tilting to pre-determined positions, tilt-syncing across multiple windows, and long battery life. The hardware in the head rail of each blind ended up being a Moteino on a custom PCB for the drivers, a $2 stepper motor, and a four-AA battery pack. The Moteino in one blind talks to a BeagleBone Black over USB and wirelessly to the other windows for coordinated control. As for battery life, [James] capitalized on the Moteino’s low-power Listen Mode to reduce the current draw by about three orders of magnitude, which should equate to a few years between battery changes. And he did it all for only about $40 a window.

Window blinds seem to be a tempting target for hacking, whether it’s motorizing regular blinds or interfacing commercial motorized units into a home automation system. We like how compact this build is, and wonder if it could be offered as an aftermarket add-on for manual blinds.

Continue reading “Compact Controllers Automate Window Blinds”