SHIMME – Manipulating Shim And Office For Code Injection

August 12, 2024

In the ever-evolving landscape of cybersecurity, DEFCON 32 unveiled pioneering tools that challenge traditional security paradigms.

The “ShimMe” talk introduced two groundbreaking tools: the Office Injector and the Shim Injector, each designed to manipulate system processes for elevated security access.

This article delves into these sophisticated techniques, offering a glimpse into their mechanisms and implications for system security.

Tools from the DEFCON 32 talk “SHIM me what you got – Manipulating Shim and Office for Code Injection

Office Injector – Invokes an RPC method in OfficeClickToRun service that will inject a DLL into a suspended process running as NT AUTHORITY\SYSTEM launched by the task scheduler service, thus achieving privilege escalation from administrator to SYSTEM.

Shim Injector – Writes an undocumented shim data structure into the memory of another process that causes apphelp.dll to apply the “Inject Dll” fix on the process without registering a new SDB file on the system, or even writing such file to disk.

SHIMME – Manipulating Shim And Office For Code Injection

LEAVE A REPLY Cancel reply

APPLICATIONS

NativeDump : A Cutting-Edge Approach For Secure Minidump Creation

mpDNS : Multi-Purpose DNS Server 2019

Lorsrf : SSRF Parameter Bruteforce

Netmap.Js : Fast Browser-Based Network Discovery Module

HOT NEWS

JVMXRay : Make Java Security Events Of Interest Visible For Analysis

EVEN MORE NEWS

DependencyTrack 4.10.0 – Release Overview And Security Hashes

DependencyTrack 4.10.1 – Release Update And Verification Details

Dependency Track 4.11.0 – Enhancements, Bug Fixes, And Dependency Updates

POPULAR CATEGORY

CloudPulse – AWS Cloud Landscape Search Engine

Poodone – A Comprehensive Toolkit For Cybersecurity Professionals

APKscan – Mastering Android Security Analysis