In the ever-evolving landscape of cybersecurity, DEFCON 32 unveiled pioneering tools that challenge traditional security paradigms.
The “ShimMe” talk introduced two groundbreaking tools: the Office Injector and the Shim Injector, each designed to manipulate system processes for elevated security access.
This article delves into these sophisticated techniques, offering a glimpse into their mechanisms and implications for system security.
Tools from the DEFCON 32 talk “SHIM me what you got – Manipulating Shim and Office for Code Injection
Office Injector – Invokes an RPC method in OfficeClickToRun service that will inject a DLL into a suspended process running as NT AUTHORITY\SYSTEM launched by the task scheduler service, thus achieving privilege escalation from administrator to SYSTEM.
Shim Injector – Writes an undocumented shim data structure into the memory of another process that causes apphelp.dll to apply the “Inject Dll” fix on the process without registering a new SDB file on the system, or even writing such file to disk.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…