Windows XP File-Based Attacks Chris Dalbec & Chris Woodard
Overview
- Why This Topic
- Background
- Macros
- Other Files
- Lab Contents
Motivation
- File-based attacks are popular over and peer to peer programs
- New unpatched exploits
- Unaddressed in previous labs
Macros
- Some of the most common Windows programs allow for macros
- Macros are mini programs run inside Microsoft Office documents for efficiency
- Macros can execute programs installed on Windows
When Good Macros Go Bad
- One of the most popular internet attacks comes from the downloading of macro-enabled documents
- Why are they so potentially dangerous?
Other Files
- Malformed Word Doc
- HTML Files
- Vector Markup Language
- MSHTML
- Windows Metafile
Section 1 - Macros
- This portion of the lab will focus on macro attacks
- The student will:
  - Follow the procedure to produce a virus
  - Inspect and investigate the created virus
  - Run the virus exploit
  - Review and test safe measures to prevent the exploit
Short video of Exploit Walrus Virus Editor in action!
Section 2 - Other Attacks
Students will learn how to defend against:
- HTML-based attacks
- Malformed Word documents
- WMF attacks
Questions?