At the core of the Microsoft Windows operating system is the Object Manager. This subsystem is one of the most used and also least documented subsystems within Microsoft Windows. We use it for every action we perform. The management of all files, registry keys, shared memory, LPC ports, and many other object types is handled by the Object Manager. During this presentation we will discuss this subsystem in depth and how it affects the security of Windows applications. A new tool, ObjectTrace, will be released that can be used to enumerate the Windows objects that are created insecurely by targeted applications. After completing the introduction, other advanced topics will be covered, including new privilege escalation techniques and hardening strategies. While the methodologies are focused on Microsoft Windows, they can be applied to any operating system.