New blog post: "CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM" where I mostly talk about Tokens and Impersonation.
https://itm4n.github.io/cdpsvc-dll-hijacking/ …pic.twitter.com/pqi7k2thcS
This is the legacy version of twitter.com. We will be shutting it down on June 1, 2020. Please switch to a supported browser, or disable the extension which masks your browser. You can see a list of supported browsers in our Help Center.
Vulnerability Analyst at the CERT/CC. My thoughts are my own, not my employer's.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
New blog post: "CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM" where I mostly talk about Tokens and Impersonation.
https://itm4n.github.io/cdpsvc-dll-hijacking/ …pic.twitter.com/pqi7k2thcS
The number of services that can be exploited with DLL hijacking is virtually limitless. If a non-admin user can place a file in a SYSTEM-WIDE PATH, then that's the vulnerability. Not any of the services themselves.https://gist.github.com/wdormann/eb714d1d935bf454eb419a34be266f6f …
Wow! We could debate this all day!
But I think you missed the point here. This post wasn't about DLL hijacking. This was just an introduction to some basic Windows Internals.
I'll leave you with this simple question though: why did MS "fix" the IKEEXT service in Windows 8.1?
Indeed, it is a very excellent post with details about some Windows internals! It's the part about the prerequisite of being able to drop a file in a System-wide PATH that's glossed over. If that prerequisite is met, there's no need for anything fancier than DLL hijacking.
Why they fixed the one in 8.1 I cannot answer. Maybe it was before they realized that the battle was unwinnable?
If MS knows that a user-writable system PATH makes for an exploitable OS, then maybe their OS should tell users whenever that's the case? 
Actually, where do you see a reference of Microsoft fixing the IKEEXT service? (CVE) Closest I can find is https://www.immuniweb.com/advisory/HTB23108 … which lists CVEs for each app that has an unprotected dir in the system PATH. Which mirrors what I described. Its unprotected dirs that's the prob.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.