Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Become Fully Aware of the Potential Dangers of Activex Attacks

Become Fully Aware of the Potential Dangers of Activex Attacks

Ratings: (0)|Views: 76 |Likes:
Published by High-Tech Bridge
Exploiting ActiveX components vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
URL: https://www.htbridge.ch/publications/become_fully_aware_of_the_potential_dangers_of_activex_attacks.html
More informaton security publications: https://www.htbridge.ch/publications/
Exploiting ActiveX components vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
URL: https://www.htbridge.ch/publications/become_fully_aware_of_the_potential_dangers_of_activex_attacks.html
More informaton security publications: https://www.htbridge.ch/publications/

More info:

Published by: High-Tech Bridge on Oct 13, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF or read online from Scribd
See more
See less

10/19/2011

pdf

 
Become fully aware of the potentialdangers of ActiveX attacks
Brian Mariani
 –
Senior Security Auditor-Consultant @
High Tech Bridge
CHFI, ECSA, CEH, CCSA, RHCE, MSCE, CCNA, CCNP, CCSP, CCIE
(Written)
 
Agenda
What are ActiveX?
Security problems related to ActiveX.
What kind of security holes can be discovered?
Overview of an ActiveX attack.
Discovering security holes in ActiveX.
ActiveX fuzzers.
My name is COMraider!
Discovering an ActiveX security hole with COMRaider.
Analysing the vulnerability with and
Antipacker
,
WinDBG & IDA
.
Demo
(Tracing the exploit and triggering the flaw).
.
 
What are ActiveX?
(1)
Component Object Model (COM) is a standard binary-interface for software componentryintroduced by Microsoft in 1993.
The term
COM
is often used in the Microsoft software that encompasses the
OLE, OLEAutomation, ActiveX, COM+ and DCOM technologies
.
It’s a kind of a
group of methods
developed for sharing information and functionality amongprograms.
These objects are like small programs or "
applets
" and a number of programs like Office andInternet Explorer (IE) are designed to be able to interact with them. (Word, Powerpoint)

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->