Dailydave mailing list archives
Locals, axioms, etc.
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 13 Jul 2011 11:56:46 -0400
<http://www.boingboing.net/2011/07/13/scientist-proposes-r.html?dlvrit=36761>

Movies are great. Yesterday we spent a couple hours helping one of our CANVAS customers with a gig he was on where he needed to get local/SYSTEM. In his case, he used MS11_032, but for those of you with CANVAS Early Updates, http://partners.immunityinc.com/movies/canvas-ms11_054.mov may provide some illustrated amusement. I don't want to make Tarjei's head big, but what a great find.

That wasn't the only local released: http://j00ru.vexillium.org/ demonstrates the one in csrss, and talks through the interesting exploitation paths (although currently only for XP).

But the story you should see is this: it is an axiom that an attacker will be running Ring0 code on your computer if they are running userland code on your computer. Microsoft has added a lot of complexity to their security model (restricted tokens, UAC, etc.) but these are almost certainly a large waste of time. If I understand properly, Immunity's MS11_054 exploit also turns off Code Integrity, so you can load 64-bit rootkits, etc. How cool is that?

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave