The Latest in IT Security

Quickpost: Need a PoC to Test Your Security Setup? Not Necessarily.

22
Jun
2011

People regularly ask me for a PoC (PDF or other type) to test their security setup. For example, they sandboxed Adobe Reader and now they want to test that Adobe Reader can’t write to sensitive Windows directories like system32.

Well, you don’t need a PoC to test your setup in this way. Just develop and compile a DLL that writes to system32, and inject it in the target process.

The problem however, is that not everybody has the skills to develop and compile such a DLL. But almost everybody can write a VBScript that accomplishes the same. Here’s a one-liner that creates test.txt in system32:

CreateObject("Scripting.FileSystemObject").CreateTextFile("c:\windows\system32\test.txt")

But how do you get the target process to execute this script? That is something I worked out 2 years ago: bpmtk: Injecting VBScript. In a nutshell: I developed a DLL that once injected into a process, instantiates a VBScript engine and executes the provided script.

Leave a reply


Categories

THURSDAY, AUGUST 05, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments