Dailydave mailing list archives
Tokens are Hard
From: Dave Aitel <dave.aitel () gmail com>
Date: Mon, 25 Jan 2016 16:26:51 +0000
My original native language in hacking is Unix. I've spent maybe 15 years doing Windows instead but like many of you I still speak Windows hacking with an accent. Windows as a Second Language would be the elementary school class I'd have to be put into, with all the other immigrants.

Just as in language, complex idioms are the way you tell a native speaker from a transplant, understanding Windows Tokens is how you tell a native speaker from someone like me. There's no hiding the complexity of them. For example, not all SYSTEM tokens are equal. Which API uses which kind of token in Windows is selected by a random dice roll of a random person on the Windows Kernel team.

To wit: I found a local SYSTEM bug while doing consulting at Microsoft a while back that not even the IIS team could understand. In fact, we never did figure out the root cause until it was reported independently five years later - even with the COM+ team on call!

A good penetration testing tool will hide this complexity from users, while still offering it programmatically to module writers. Of course, by that standard, only INNUENDO is a good penetration testing tool. :)

So watch these two videos, even if you are not a penetration tester, and it may explain some things:

https://vimeo.com/152973626
https://vimeo.com/152973635

-dave