Published by: Pearltrees2 on Feb 09, 2011
Copyright:Attribution Non-commercial

Beyond Autorun (v1.0) (c) 2011 IBM Corp.

Beyond Autorun: Exploiting vulnerabilities with removable storage

Jon Larimer
jlarimer@us.ibm.com
IBM X-Force Advanced Research
BlackHat – Washington, DC - 2011
January 18, 2011

Contents
1. Abstract
2. Introduction
  2.1. A brief history of removable storage malware
  2.2. AutoRun and AutoPlay
  2.3. Stuxnet and the LNK vulnerability
  2.4. Attacks on physical systems
3. USB Architecture
  3.1. About USB
  3.2. Host controllers
  3.3. Devices
    3.3.1. Hubs
    3.3.2. Functions
    3.3.3. Interfaces
    3.3.4. Endpoints
    3.3.5. Device classes
    3.3.6. USB descriptors
  3.4. Mass storage class devices
  3.5. Attacks using the USB protocols
  3.6. Fuzzing USB drivers
    3.6.1. Windows Device Simulation Framework
    3.6.2. QEMU/BOCHS
4. USB operation on Windows 7
  4.1. USB driver stack
    4.1.1. Core stack
    4.1.2. Class drivers
    4.1.3. USB device recognition
    4.1.4. The danger of drivers from Windows Update
  4.2. Mass storage devices
    4.2.1. USB storage port driver and Windows disk class driver
    4.2.2. Partition and volume management
    4.2.3. File system drivers
    4.2.4. Fuzzing filesystem drivers on Windows
  4.3. Exploiting USB and file system drivers
  4.4. PnP Manager
    4.4.1. Kernel mode PnP manager
    4.4.2. User mode PnP manager
  4.5. AutoPlay
    4.5.1. Shell Hardware Detection Service
    4.5.2. ReadyBoost
5. Windows Explorer
  5.1. Shell Extension Handlers
    5.1.1. Registered file types and perceived types
    5.1.2. Icon handlers
    5.1.3. Thumbnail handlers
    5.1.4. Image handlers
    5.1.5. Preview handlers
    5.1.6. Infotip handlers
    5.1.7. COM object persistence and type confusion
    5.1.8. Fuzzing shell extensions
    5.1.9. Exploiting shell extensions
  5.2. Property system
  5.3. Folder customization
    5.3.1. Shell namespace extensions
6. USB operation on GNU/Linux
  6.1. Core
  6.2. USB interface drivers
  6.3. USB mass storage class driver
  6.4. udev, udisks, D-Bus
  6.5. File systems in Linux
7. GNOME and Nautilus
  7.1. Automatic mounting of storage devices
