This is a video that shows basic usage of the freely available Microsoft ® Application Compatibility Toolkit 5.6. In the video a benign program (PuTTY) is the target of an arbitrary DLL injection using the Compatibility Administrator. This demo is identical to the previous demo with the exception of the DLL used: in this video the DLL is a Metasploit stager. This was presented along with slides at DEF CON 23 in Las Vegas in 2015.
This is a video that shows basic usage of the freely available Microsoft ® Application Compatibility Toolkit 5.6. In the video, the Firefox user profile is redirected to a remote computer using the Compatibility Administrator. This was presented along with slides at DEF CON 23 in Las Vegas in 2015.
This is a video that shows basic usage of the freely available Microsoft ® Application Compatibility Toolkit 5.6. In the video, several programs are manipulated using the Compatibility Administrator to subvert system integrity and hide the indicators of compromise used by common malware. Autoruns.exe is a program bundled in the Sysinternals Suite created by Mark Russinovich and can be downloaded here: https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx. This was presented along with slides at DEF CON 23 in Las Vegas in 2015.
Shims offer a powerful rootkit-like framework that is natively implemented in almost all modern Windows operating systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could use to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (.sdb files, or shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other, far more advanced applications, such as in-memory patching, malware obfuscation, evasion, and system integrity subversion. For defenders, I am releasing 6 open source tools to prevent, detect, and block malicious shims.
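The abstract ends with the defender's side of the problem: finding shims that have been installed on a host. The script below is an added example for that purpose; it is not one of the six tools released with the talk and is not code from the original page. It assumes the standard locations that sdbinst.exe writes to when a shim database is installed: the AppCompatFlags\InstalledSDB registry key (one subkey per database GUID, with DatabasePath and DatabaseDescription values) and the AppCompatFlags\Custom key (one subkey per targeted executable, holding a value named after the database GUID). It must be run from an elevated PowerShell session to read HKLM reliably; the column names in the output object are my own.

```powershell
# Added example (not from the talk or its released tools): enumerate shim databases
# registered on this host so a defender can review where they live, what they are
# applied to, and whether the .sdb file is still on disk. Assumes the standard
# AppCompatFlags registry layout written by sdbinst.exe and local admin rights.

function Get-InstalledShimDatabase {
    $installedKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB'
    $customKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom'

    # Build a map of database GUID -> executables it is applied to.
    # Under ...\Custom each subkey is an executable name (e.g. putty.exe) and each
    # value under it is named "{GUID}.sdb".
    $targets = @{}
    if (Test-Path $customKey) {
        foreach ($exeKey in Get-ChildItem -Path $customKey) {
            foreach ($valueName in $exeKey.GetValueNames()) {
                $guid = $valueName -replace '\.sdb$', ''
                if (-not $targets.ContainsKey($guid)) { $targets[$guid] = @() }
                $targets[$guid] += $exeKey.PSChildName
            }
        }
    }

    if (-not (Test-Path $installedKey)) { return }

    foreach ($dbKey in Get-ChildItem -Path $installedKey) {
        $props  = Get-ItemProperty -Path $dbKey.PSPath
        $guid   = $dbKey.PSChildName
        $path   = $props.DatabasePath
        $onDisk = [bool]($path -and (Test-Path -LiteralPath $path))

        # Install time is stored as a FILETIME (REG_QWORD); convert if present.
        $installed = $null
        if ($props.DatabaseInstallTimeStamp) {
            $installed = [DateTime]::FromFileTime([int64]$props.DatabaseInstallTimeStamp)
        }

        [pscustomobject]@{
            Guid        = $guid
            Description = $props.DatabaseDescription
            Path        = $path
            OnDisk      = $onDisk
            Sha256      = if ($onDisk) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
            Installed   = $installed
            AppliedTo   = if ($targets.ContainsKey($guid)) { $targets[$guid] -join ', ' } else { '' }
        }
    }
}

# Review every registered database; anything not placed by a known deployment
# (unexpected description, unexpected target such as a browser, or a file that
# has since been deleted from disk) deserves a closer look.
Get-InstalledShimDatabase | Sort-Object Installed | Format-Table -AutoSize
```

A database whose file is gone but whose registry entries remain, or one applied to a program the organisation never shimmed (the PuTTY and Firefox cases in the videos above), is exactly the kind of discrepancy this listing surfaces; hashing the on-disk file lets the result be compared across hosts or against a known-good inventory.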