Windows – Insinuator.net

Misc

June 12, 2019 by Aleksandar Milenkoski

Windows Insight: Virtual Secure Mode

The Windows Insight repository currently hosts four articles on VSM (Virtual Secure Mode):

Virtual Secure Mode: Architecture Overview (Aleksandar Milenkoski): In this work, we discuss the architecture of a virtualized Windows environment.
Virtual Secure Mode: Communication Interfaces (Aleksandar Milenkoski): In this work, we discuss the communication interfaces that VSM implements: Isolated User Mode (IUM) system calls, normal-mode services, secure services, and hypercalls.
Virtual Secure Mode: Protections of Communication Interfaces (Aleksandar Milenkoski): This work discusses implemented mechanisms for securing the above VSM communication interfaces. This includes restrictions on issuing hypercalls, data marshalling and sanitization, and secure data sharing.
Virtual Secure Mode: Initialization (Dominik Phillips, Aleksandar Milenkoski): This work describes the process for VSM initialization activities performed by the Windows loader and the Windows kernel when Windows 10 is booted.

– Aleksandar Milenkoski

Misc

May 27, 2019 by Aleksandar Milenkoski

Windows Insight: The TPM

The Windows Insight repository currently hosts three articles on the TPM (Trusted Platform Module):

The TPM: Communication Interfaces (Aleksandar Milenkoski): In this work, we discuss how the different components of the Windows 10 operating system deployed in user-land and in kernel-land, use the TPM. We focus on the communication interfaces between Windows 10 and the TPM. In addition, we discuss the construction of TPM usage profiles, that is, information on system entities communicating with the TPM as well as on communication patterns and frequencies;
The TPM: Integrity Measurement (Aleksandar Milenkoski): In this work, we discuss the integrity measurement mechanism of Windows 10 and the role that the TPM plays
as part of it. This mechanism, among other things, implements the production of measurement data. This involves calculation of hashes of relevant executable files or of code sequences at every system startup. It also involves the storage of these hashes and relevant related data in log files for later analysis;

Continue reading “Windows Insight: The TPM”

Misc

May 23, 2019 by Aleksandar Milenkoski

Windows Insight: A New ERNW Repository

We are glad to announce the Windows Insight repository. The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.

Some of the content of this repository has been created in the course of a project named ‘Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10 (SiSyPHuS Win10)’ (ger.) – ‘Study of system design, logging, hardening, and security functions in Windows 10’ (eng.). This project has been contracted by the German Federal Office for Information Security (ger., Bundesamt für Sicherheit in der Informationstechnik – BSI). The work planned as part of the project is conducted by ERNW GmbH, starting in May 2017.

Continue reading “Windows Insight: A New ERNW Repository”

Events

April 26, 2019 by SadProcessor

Troopers & Chill…

As promised in my previous post, I am back for an overview of the Troopers19 – Active Directory related talks… Videos have been published and it’s popcorn time… So if you are into stories about Kingdoms and Crown Jewels, grab your loved one [or a drink…] and turn the lights down low, ’cause tonight it’s “Troopers & Chill…”

Continue reading “Troopers & Chill…”

Events

January 15, 2019 by Aleksandar Milenkoski

TROOPERS19 Training Teaser: Insight Into Windows Internals

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such a knowledge enables:

in-depth studies of undocumented, or poorly documented, system functionalities;
development of performant and compatible software to monitor or extend the activities of the operating system itself; and
analysis of security-related issues, such as persistent malware.

Continue reading “TROOPERS19 Training Teaser: Insight Into Windows Internals”

Events

November 19, 2018 by SadProcessor

The Dog Whisperer’s Handbook

Generally speaking, I’m more of a Cat type of guy, but I have to say I really love BloodHound. And if you do too, you are in for a treat…
Last week, the ERNW Insight Active Directory Security Summit took place in Heidelberg. (More Info)
For this occasion, @Enno_Insinuator asked me if I would like to deliver a BloodHound Workshop, and of course I accepted the challenge…

Continue reading “The Dog Whisperer’s Handbook”

Misc

February 23, 2018 by Niklaus Schiess

Creating Static Binaries for Nmap, Socat and other Tools

In various scenarios it might be helpful or even required to have a statically compiled version of Nmap available. This applies to e.g. scenarios where only limited user privileges are available and installing anything to the system might not be desirable.

Continue reading “Creating Static Binaries for Nmap, Socat and other Tools”

Misc

January 29, 2018 by Florian Gattermeier

White Paper on Multi-Factor Authentication in Microsoft Windows Environments

A new ERNW whitepaper was just published. I wrote this whitepaper in the course of my bachelor thesis and it examines multi-factor authentication in Microsoft Windows environments: Continue reading “White Paper on Multi-Factor Authentication in Microsoft Windows Environments”

Building

January 30, 2017 by Enno Rey

IPv6 Properties of Windows Server 2016 / Windows 10

In this post we’ll take a detailed look at the properties of the Windows Server 2016 IPv6 stack.
I perform(ed) this exercise for several reasons:

Continue reading “IPv6 Properties of Windows Server 2016 / Windows 10”