Design Pattern: Mitigating DLL Hijacking in Installers

About the 'DLL Search Order Hijacking' vulnerability

Windows systems use a standard search order to locate the DLLs a program needs to load. Adversaries may take advantage of that search order, together with programs that specify DLLs ambiguously (by name rather than full path), to achieve privilege escalation and persistence.

'OAuth 2.0 & Security Considerations' @ OWASP/Null Delhi chapter meet

I gave this talk at the OWASP/Null Delhi chapter meet. The session covered the OAuth 2.0 workflow and a few security considerations that developers or security analysts need to take care of.

Event details: https://null.co.in/events/210-delhi-null-delhi-meet-30-july-2016-null-owasp-combined-meet

'Security Automation Using ZAP' @ OWASP AppSec Europe '16

These are the slides from my lightning talk at OWASP AppSec Europe 2016. The session broadly consisted of:

- Quick run-through of the ZAP GUI
- Understanding what can be automated
- How to integrate ZAP with automation scripts
- Example scripts / hands-on
- Some delicate considerations

Untangling some mess around SHA-1 Deprecation Policy on Windows

Windows recently announced updates to their SHA-1 deprecation policy [0]. According to the update, Windows 7 and later platforms will no longer support SHA-1 as a certificate hash (CH) after 1st January 2016. This means all binaries have to be signed with SHA-2 after 1st January 2016, else Windows will pop up an alert!

Initially, this policy got me worried. Why? Because, as per [1], MS pushed SHA-2 support to Windows 7 and Windows Server 2008 R2 on 14/Oct/2014; that update was later revoked due to some issues and re-released as advisory KB3033929 [2], published on 10/Mar/2015 (just a few months ago!). So, will all the users who aren't on KB3033929 be unable to verify my valid SHA-2 certs? No, they still can! Read on...

CVE-2015-2098: Analysis and Exploitation of eDVR Manager ActiveX control Vulnerability

In this post, we analyze CVE-2015-2098, a stack buffer overflow vulnerability, and build a robust exploit for Windows XP and Windows 7.

We exploit this vulnerability using the SEH overwrite technique and then use some methods to circumvent exploit mitigations such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).