It was surprising to see the CommNet desktops at our disposal at TechEd Barcelona 2008. This time you were no longer required to perform a Windows logon to the machine with your attendee account: a generic, limited user account was already logged on, and every attendee had to use this account.
This is a bad idea. Even a limited user account can be compromised with spyware, as I’ve shown with my Basic Process Manipulation Tool Kit.
cmd.exe was disabled, but this policy is still easy to bypass:
I think you mean to have as title ‘CommNet at TechEd Barcelona 2008’, not Barcedlona 😉
Comment by Foo — Tuesday 10 February 2009 @ 20:59
Hello, I follow your blog closely... very informative. Wondering if you have or know of any tools to extract shellcode/malware from within malicious Word/Office documents. Or perhaps, if you have time, maybe in the future how to analyze them.
Thanks a lot and great job on the blog!!
Comment by rs_001 — Thursday 12 February 2009 @ 19:04
No, I don’t have code for MS Word documents. I do know that DOC files contain a file system in themselves. I haven’t found a good Python MS Word parsing library, but there is official Microsoft documentation for the file format.
If you have .docx files: unzip them and parse the XML files.
Comment by Didier Stevens — Friday 20 February 2009 @ 8:27
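As an added example (not code from the post or from its comments), here is a Python triage script that follows the approach in the comment above: open the .docx as a zip, list its parts and parse the relationship XML. It goes one step further than the comment by flagging the parts an analyst looks at first (a VBA project, embedded objects, and relationships whose target lies outside the package). The sample document, its placeholder part contents and the example.invalid URL are constructed here for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def triage_docx(data: bytes) -> dict:
    """Return parts of interest in an OOXML .docx: VBA projects, embedded objects,
    and relationships that point outside the package (TargetMode="External")."""
    report = {"parts": [], "vba": [], "embedded": [], "external": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            report["parts"].append(name)
            low = name.lower()
            if low.endswith("vbaproject.bin"):          # macro storage (usually in .docm)
                report["vba"].append(name)
            elif low.startswith("word/embeddings/"):    # embedded OLE / package objects
                report["embedded"].append(name)
            elif low.endswith(".rels"):                 # relationship parts are plain XML
                root = ET.fromstring(zf.read(name))
                for rel in root.iter(RELS_NS + "Relationship"):
                    if rel.get("TargetMode", "Internal") == "External":
                        rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                        report["external"].append((name, rel_type, rel.get("Target")))
    return report

def build_sample_docx() -> bytes:
    """Constructed sample: a minimal package with one macro part, one embedded object
    and a settings relationship that attaches a template from an external URL."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
        'Target="http://example.invalid/template.dotm" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/settings.xml.rels", rels)
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")   # placeholder, not a real OLE stream
        zf.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for key, value in triage_docx(build_sample_docx()).items():
        print(key, value)
```

Each flagged part can then be extracted with `zipfile` and handed to an OLE/CFB parser, since vbaProject.bin and embedded objects are themselves compound files.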