Search the Community
Showing results for tags 'com'.
-
COM Hijacking VOODOO COM-hunter is a COM Hijacking persistnce tool written in C#. This tool was inspired during the RTO course of @zeropointsecltd Features Finds out entry valid CLSIDs in the victim's machine. Finds out valid CLSIDs via Task Scheduler in the victim's machine. Finds out if someone already used any of those valid CLSIDs in order to do COM persistence (LocalServer32/InprocServer32). Finds out if someone already used any of valid CLSID via Task Scheduler in order to do COM persistence (LocalServer32/InprocServer32). Tries to do automatically COM Hijacking Persistence with general valid CLSIDs (LocalServer32/InprocServer32). Tries to do automatically COM Hijacking Persistence via Task Scheduler. Tries to use "TreatAs" key in order to refere to a different component. [hide][Hidden Content]]
-
- 1
-
- com-hunter
- com
-
(and 2 more)
Tagged with:
-
The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege. View the full article
-
- virtualbox
- com
-
(and 6 more)
Tagged with:
-
The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15. View the full article