what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Monday, September 28, 2009

Malicious documents and their attempts to attacks

Recently been doing ongoing research on using malware when pentesting. A lot of Banks and networks are still vulnerable to these attacks and they still dont know it. Its very important for any pentester who is already in an engagement with such a client, to find such holes before the unethical do it.

So, most of the documents downloaded or attached in an email e.g PDFs, DOCs, PPTs, etc that is infected will have a shellcode, that will do the following: Will have a trojan downloaded from a rogue webserver somewhere in the internet. Then it will write the executable in your system32 folder, and execute the file.

This attack will only work if the user is a local administrator, or has administration privileges to write to system32, and this where you will find none of the windows workstation will work without the admin user.

There are several ways to secure this, that i may have to specify in the next blog entry. Keep tuned.


No comments: