The expert found a way to use safe mode in Windows credential theft

by sigismund » 2016-09-16 15:50:20


The method works on all versions of Windows, including Windows 10, despite the VSM module implemented in that version.


CyberArk Labs employee Doron Naim has found a method of credential theft that uses the safe mode (Safe Mode) implemented in Windows.

According to the researcher, for a successful attack the attacker would first need to obtain access with local administrator privileges to a computer or server running Windows. The attacker can then remotely activate safe mode to bypass protection. In safe mode, the attacker can run a variety of tools to collect credentials and compromise other computers on the network, remaining undetected the whole time. As Naim noted, this method works on all versions of Windows, including Windows 10, despite the VSM (Microsoft Virtual Secure Module) module implemented in that version.

Safe mode loads only the essential services and functions needed to run Windows and blocks the launch of third-party services and software, including security tools. As a result, attackers can remotely boot compromised computers into safe mode and subsequently carry out attacks. Given the popularity of Windows, billions of computers and servers running this OS worldwide are under threat, said Naim.

Successful exploitation of the problem involves three phases: changing the system settings to activate safe mode during the next boot of the operating system; creating malicious tools that load in safe mode; and forcing a restart of the computer to carry out the exploit.
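A defender-side way to correlate the three phases described in the post above in endpoint telemetry, added here as an example and not part of the original post or of CyberArk's research. The command-line and registry signatures, the event layout, the host names and the 30-minute window are assumptions; the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed telemetry signatures for the three phases (not given in the post).
PHASES = {
    "safeboot_set": ("process", re.compile(r"bcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)),
    "safeboot_entry": ("registry", re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)),
    "forced_restart": ("process", re.compile(r"shutdown(\.exe)?\b.*\s[/-]r\b", re.I)),
}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed events: (host, ISO time, event kind, command line or registry path).
EVENTS = [
    ("WS-014", "2016-09-16T10:00:01", "registry", r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"),
    ("WS-014", "2016-09-16T10:00:05", "process", r"bcdedit.exe /set {default} safeboot minimal"),
    ("WS-014", "2016-09-16T10:00:20", "process", r"shutdown.exe /r /f /t 0"),
    ("WS-031", "2016-09-16T14:00:00", "process", r"bcdedit /set {current} safeboot network"),
    ("WS-031", "2016-09-16T14:10:00", "process", r"shutdown /r /t 0"),
    ("SRV-02", "2016-09-16T09:00:00", "process", r"bcdedit.exe /set {default} safeboot minimal"),
    ("SRV-02", "2016-09-16T11:30:00", "process", r"shutdown.exe /r /t 0"),
    ("WS-020", "2016-09-16T03:00:00", "process", r"shutdown.exe /r /t 60"),  # routine reboot
]

def classify(kind, detail):
    """Return the name of the phase an event matches, or None."""
    for phase, (want_kind, pattern) in PHASES.items():
        if kind == want_kind and pattern.search(detail):
            return phase
    return None

def detect(events):
    """Alert per host when safe boot is enabled and a restart is forced within WINDOW."""
    seen, alerts = {}, []  # seen: host -> {phase: latest timestamp}
    for host, ts, kind, detail in sorted(events, key=lambda e: e[1]):
        phase = classify(kind, detail)
        if phase is None:
            continue
        when = datetime.fromisoformat(ts)
        state = seen.setdefault(host, {})
        state[phase] = when
        armed = state.get("safeboot_set")
        if phase == "forced_restart" and armed and when - armed <= WINDOW:
            entry = state.get("safeboot_entry")  # a new safe-mode entry raises severity
            severity = "high" if entry and when - entry <= WINDOW else "medium"
            alerts.append((host, severity, ts))
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Because security tooling does not load in safe mode, these events have to be forwarded off the host before the restart for the correlation to fire.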