[Dailydave] Tokens are Hard

Dave Aitel dave.aitel at gmail.com
Mon Jan 25 11:26:51 EST 2016


My original native language in hacking is Unix. I've spent maybe 15 years
doing Windows instead but like many of you I still speak Windows hacking
with an accent. Windows as a Second Language, would be the elementary
school class I'd have to be put into, with all the other immigrants.

Just as in language, complex idioms are the way you tell a native speaker
from a transplant, understanding Windows Tokens is how you tell a native
speaker from someone like me.

There's no hiding the complexity of them. For example, not all SYSTEM
tokens are equal. Which API uses which kind of token in Windows is selected
by a random dice roll of a random person on the Windows Kernel team. To
wit: I found a local SYSTEM bug while doing consulting at Microsoft a while
back that not even the IIS team could understand. In fact, we never did
figure out the root cause until it was reported independently five years
later - even with the COM+ team on call!

A good penetration testing tool will hide this complexity from users, while
still offering it programmatically to module writers. Of course, by that
standard, only INNUENDO is a good penetration testing tool. :)

So watch these two videos, even if you are not a penetration tester, and it
may explain some things:

https://vimeo.com/152973626
https://vimeo.com/152973635

-dave