26 | August | 2010 | Didier Stevens

Thursday 26 August 2010

Quickpost: Ariad & DLL Preloading

Filed under: My Software,Quickpost,Vulnerabilities — Didier Stevens @ 12:11

I’m writing this quickpost just in case you hadn’t figured this out for yourself: the techniques I described to protect machines from the .LNK vulnerability also help you mitigate the DLL preloading issue.

The .LNK vulnerability mitigation examples I gave with Ariad (no file execute) and SRP prevent loading of DLLs from untrusted locations (USB sticks, network drives, …). These will also prevent DLLs from loading from untrusted sources in the case of DLL Preloading exploits.

Comments (5)

“Hacking PDF” Training at Brucon

2 days of "Hacking PDF" training at Brucon

Didier Stevens Labs

Visit my company, Didier Stevens Labs

Pages

About

Links

My Software

Professional

Programs

Ariad

Authenticode Tools

Binary Tools

CASToggle

Disitool

EICARgen

ExtractScripts

FileGen

HeapLocker

Network Appliance Forensic Toolkit

Nokia Time Lapse Photography

OllyStepNSearch

PDF Tools

Shellcode

SpiderMonkey

Translate

USBVirusScan

UserAssist

XORSearch

ZIPEncryptFTP

Public Drafts

Cisco Tricks

Reverse Engineering Mentoring

Screencasts & Videos
Search for:
Top Posts
Categories
- .NET
- 010 Editor
- Announcement
- Arduino
- bpmtk
- Certification
- Didier Stevens Labs
- Eee PC
- Encryption
- Entertainment
- Fellow Bloggers
- Forensics
- Hacking
- Hardware
- Malware
- My Software
- N800
- Networking
- Nonsense
- nslu2
- OSX
- PDF
- Personal
- Physical Security
- Poll
- Puzzle
- Quickpost
- Reverse Engineering
- RFID
- Shellcode
- smart card
- Spam
- technology
- Uncategorized
- Update
- Vulnerabilities
- WiFi
- Windows 7
- Windows 8
- Windows Vista
Blog Stats
- 2,388,387 hits
Twitter @DidierStevens
- RT @DSTLabs: 10 days left: early-bird registration for my Brucon Hacking PDF training 2013.brucon.org/index.php/Trai… 1 day ago
- RT @digininja: Would anyone around the South Yorkshire area be interested in a hacker con in Sheffield? Just feeling the waters for interes… 1 day ago
- RT @chrcallewaert: En dan zo'n zonnepaneel dat loskomt door rukwind en chauffeur van giftrein uitschakelt, die aan 120km/u Brussel-Centraal… 3 days ago
- RT @bortzmeyer: Hacking the crash dump path in MS Windows. The crash dump subsystem can be tricked into writing/reading anywhere. #NoSuchCon 4 days ago
- New blogpost "Quickpost: Signed PDF Stego" bit.ly/10GvGbo 6 days ago
Archives
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
August 2010

M T W T F S S

« Jul Sep »

1

2 3 4 5 6 7 8

9 10 11 12 13 14 15

16 17 18 19 20 21 22

23 24 25 26 27 28 29

30 31

Theme: Rubric. Blog at WordPress.com.

Follow

Follow “Didier Stevens”

Powered by WordPress.com