Cyber security

SHIMME – Manipulating Shim And Office For Code Injection

In the ever-evolving landscape of cybersecurity, DEFCON 32 unveiled pioneering tools that challenge traditional security paradigms.

The “ShimMe” talk introduced two groundbreaking tools: the Office Injector and the Shim Injector, each designed to manipulate system processes for elevated security access.

This article delves into these sophisticated techniques, offering a glimpse into their mechanisms and implications for system security.

Tools from the DEFCON 32 talk “SHIM me what you got – Manipulating Shim and Office for Code Injection

Office Injector – Invokes an RPC method in OfficeClickToRun service that will inject a DLL into a suspended process running as NT AUTHORITY\SYSTEM launched by the task scheduler service, thus achieving privilege escalation from administrator to SYSTEM.

Shim Injector – Writes an undocumented shim data structure into the memory of another process that causes apphelp.dll to apply the “Inject Dll” fix on the process without registering a new SDB file on the system, or even writing such file to disk.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago