Posts

  • Diving into Intel Killer bloatware, part 2

    Killer exposes a set of COM interfaces that allow a non-privileged caller to block network access to a specific domain, block network access for a specific process, and control services registered in the OS. In other words, it provides firewall-like functionality to any user, allowing them to block network access for privileged software and to start, stop or even disable any service in the OS. Intel Killer Performance Suite is network optimization software intended to improve the gaming experience. It comes preinstalled on some laptops equipped with Intel Killer NICs, including those from Dell and a few other OEMs. Intel did not acknowledge the vulnerability, but released a quiet patch after I submitted it to Mitre. In this post I will demonstrate how to use Killer’s COM server to disrupt Windows updates, stop Volume Shadow Service and block access to intel.com.

  • Diving into Intel Killer bloatware, part 1

    Killer Control Center before version 2.4.3337.0 is prone to a tampering (person-in-the-middle) attack. A remote attacker can start, stop, enable or disable any service and block network access for any process in the OS regardless of its privileges.

  • Veeamon

    Veeam ships a signed file system filter with no ACL on its control device object. The driver allows a caller to control all IO operations on any file in the specified folder. By abusing the driver, an attacker can sniff and fake reads, writes, and other IO operations on any file in the file system regardless of its permissions.

  • Exploiting FGuard.sys

    Some time ago I looked for a driver to play with. I wanted to find a vuln and to exploit it. After picking a few random drivers from the internet I stumbled upon Folder Guard. This application implements folder locking with a password; you can read more at: https://www.winability.com/folderguard/ To enforce folder locking, FolderGuard leverages a legacy file system filter driver, fguard32[64].sys.
