Questions tagged [windows]
Related to security concerns specific to the Microsoft Windows operating system itself. For security of applications that happen to be running on Windows, please use [appsec]. For the X Window System, please use [x11].
2,263 questions
1 vote, 0 answers, 31 views
How can I restrict IFEO vulnerability?
I have an application, myapplication.exe. Through the IFEO registry I can attach a debugger, which can be a malicious piece of software for an attacker.
Only someone having access to Windows registry can ...
0 votes, 0 answers, 37 views
Does chocolatey provide cryptographic authentication and integrity validation?
Does the chocolatey package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them?
I usually trust my OS ...
0 votes, 1 answer, 30 views
Does cygwin provide cryptographic authentication and integrity validation?
Does the cygwin package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them?
Fortunately, it's possible to ...
0 votes, 0 answers, 142 views
In Windows 11, why does a simple 32-bit console binary run from the shell go without problems, while patching just a byte triggers UAC/a new shell for it?
I came to ask this question here because it ended up being more of an operating system security heuristics/cryptological question than a pure reverse-engineering one.
Question is about UAC and its ...
1 vote, 0 answers, 45 views
Tiered AD model: How to grant temporary admin on a workstation without violating Tier-0 hygiene?
My apologies if I ask a basic question.
My question: So when we design AD environments, we create tiering models, for example, let's say Tier-0 (Domain admins), Tier-1 (Workstation users).
So now, ...
0 votes, 1 answer, 53 views
M2M communication from a trusted app with an untrusted user
This is the scenario I'm facing:
Windows 10 LTS / Windows 11 clients
user with autologon and "unknown" password (the password is autorotated and stored somewhere)
user has limited rights (...
0 votes, 0 answers, 39 views
A Biometric Solution to Windows Local Login on Multiple Machines
I have 400ish machines across the US that are serviced by a handful of technicians, that all share a single common local account with Admin access for maintenance work. Obviously that means they all ...
0 votes, 2 answers, 205 views
Google Chrome on a Windows computer says web.core.windows.net is a phishing site
A colleague with a Windows computer was visiting a Google Drive page with no links and was redirected to an advertising website (something like lamars.net) and then to a domain http://jsaoiewmsdnfk....
1 vote, 0 answers, 163 views
Process injection behaviour: DWM executing CreateRemoteThread in Csrss.exe
To expand on the title, I noticed my system was regularly running CreateRemoteThread commands at random intervals from system bootup (between 0 and 5 minutes). My OS version is Windows 11 Pro 24H2. ...
0 votes, 0 answers, 20 views
How to make it so a PFX private key can be exported in Windows certmgr [duplicate]
I created a PFX with an X.509 certificate and a private key with OpenSSL. I did not use a password. I then imported the result into Windows and am now trying to export it from Windows, but when I do so it's not ...
2 votes, 0 answers, 692 views
iVentoy installing unsafe Windows Kernel drivers: Why is this happening? [closed]
iVentoy https://github.com/ventoy/PXE/releases
iventoy-1.0.20-linux-free.tar.gz, iventoy-1.0.20-win32-free.zip, iventoy-1.0.20-win64-free.zip
All these distribution files contain "\data\iventoy....
2 votes, 2 answers, 880 views
Extract CRT and KEY from signed PEM file without the openssl tool
Is there any way to extract a private key from a PEM file without the openssl tool on Windows?
Windows MMC won't do the trick as I cannot export to PKCS#12 due to my work laptop security restrictions ...
0 votes, 1 answer, 151 views
Windows Application Directory Attack for elevated programs implicitly linking DLLs: is it the user's responsibility or the developer's?
I'm talking about the 'Application Directory Attack' on Windows, where the attacker plants a DLL on which an executable depends into the same folder as the executable, and when the user executes it, the ...
3 votes, 2 answers, 1k views
Is there a way to secure cryptographic key storage on Windows against malware?
I'm developing a Windows application with end-to-end encryption and need guidance on securing the Master Key stored on user machines. A compromised Master Key could have severe consequences if ...
2 votes, 0 answers, 166 views
How to Create an RSA Machine Key using CNG on Windows and Grant Access to All Users?
I’m using the Windows CNG API to create a TPM-stored (or MS KSP) RSA key and want to allow non-administrative users to access it. My goal is to generate a machine level key (non-exportable) which can ...
3 votes, 1 answer, 205 views
How does Windows store interactive logon credentials in memory in a domain environment?
I’m trying to understand how a user’s domain credentials are stored in the LSASS (Local Security Authority Subsystem Service) process after performing an interactive logon, such as through RDP (Remote ...
1 vote, 0 answers, 170 views
Are there any known BIOS that clear a TPM on disabling secure boot?
I noticed that when the secure boot option is disabled on a BitLocker-enabled Windows laptop with TPM, in order to boot into a forensic live OS like Kali in Forensic Mode or Parrot OS, that the TPM is ...
1 vote, 0 answers, 179 views
In a dual-boot system, can an infected Windows partition infect a Linux partition? [duplicate]
My Windows system was infected some time ago, and they installed some sort of RAT, or spyware, which allowed them to essentially view my entire computer screen and see everything I do. I used a lot of ...
2 votes, 1 answer, 241 views
Why does Windows Defender Firewall show some seemingly conflicting rules for a process? Do I misunderstand something? If not, which rule prevails?
From my understanding, Windows Defender Firewall claims that PyCharm 2024.2.3 (which I just take as an example) is allowed to communicate on public networks:
However, from my understanding, the ...
1 vote, 2 answers, 158 views
Does Windows security mean from the outside or from the inside?
I had Eclipse and Tomcat installed, and when I started it up, Windows Security asked me the following question:
Translation:
Do you want to allow public and private networks to access this app?
...
3 votes, 1 answer, 404 views
HTTP-fallback and site settings in Chrome?
I am testing a deep packet inspection based application to block certain undesirable websites in a corporate network, eg gambling - williamhill.es . We do this by matching ServerName (HTTPS) or Host (...
11 votes, 4 answers, 8k views
Why does one have to hit enter after typing one's Windows password to log in, while one does not have to hit enter after typing one's PIN?
I've noticed that on Windows 10, one has to hit enter after typing one's Windows password to log in, while one does not have to hit enter after typing one's PIN. Is there a security reason for it?
Typing one's ...
7 votes, 1 answer, 725 views
Extract signer information from portable executable (PE)
I'm trying to analyse a piece of malware in the form of an .exe
I don't really want to put this file in a Windows system for obvious reasons. To gain more insight I'd like to look at the signer ...
4 votes, 2 answers, 2k views
Why does ctldl.windowsupdate.com not use (valid) TLS?
I noticed DNS requests to the domain: ctldl.windowsupdate.com.
Some report it as malicious, but I think it's a false positive, and it is legitimately Microsoft. It is also mentioned in https://security....
1 vote, 1 answer, 252 views
How can I know whether a Windows Security pop-up asking me for my Windows PIN is legit?
For some sites, I log in via Okta Verify, which in turn asks me for my Windows PIN. How can I know whether a Windows Security pop-up asking me for my Windows PIN is legit?
Example of logging in via ...
1 vote, 0 answers, 473 views
Potato exploits don't spawn a reverse shell
What could be the reason for potato exploits not being able to spawn a reverse shell?
OS: Microsoft Windows Server 2022 Standard
Build: 20348
Exploits tried: RoguePotato, SigmaPotato, GodPotato
What ...
1 vote, 2 answers, 390 views
What is the logic of using numbers for Windows PIN?
Windows 10 and 11 have an authentication method based on entering a lower complexity code under certain circumstances. This is widely referred to as a PIN, indicating that these are widely thought of ...
9 votes, 4 answers, 4k views
Does Windows 11 PIN Behavior Break Password Security Conventions?
Building on the theme presented in this previous question, does Windows' current PIN input user flow break standard password security practices?
Behavior: When the user inputs the correct number of ...
1 vote, 0 answers, 50 views
Is this CIS CAT Lite rule applicable to Windows 10?
The CIS CAT Lite tool fails a rule and has the following note:
"This Group Policy path is provided by the Group Policy template <...>.admx that is included with the Microsoft Windows 11 ...
0 votes, 0 answers, 96 views
Using Process Monitor to detect any attempt of using network resources?
Could someone please help me with the following issue? I have completely disconnected my PC from the network and would now like to check if there are any processes trying to establish a network ...
1 vote, 1 answer, 200 views
What stops malicious code spoofing a Ctrl+Alt+Del login form by allowing only part of the phrase?
According to this answer from a question:
when you press Ctrl+Alt+Del, you can be sure that you're typing your password in the real login form and not some other fake process trying to steal your ...
2 votes, 2 answers, 168 views
Is the Windows Password that's Used for Windows Encryption available to Microsoft?
How does Windows manage passwords used for whole disk encryption? Is the password linked to the Windows account in a way where Microsoft has access to the password and thus a legal obligation to ...
2 votes, 2 answers, 968 views
If I try to open a PDF that is password protected inside an email, can I harm my PC? [closed]
I have my own Office 365 tenant, and yesterday I got an email from the IT manager of an eligible chemical company in India, where the email contains a password-protected PDF. The email did not go to ...
9 votes, 4 answers, 5k views
Is BitLocker susceptible to any known attacks other than bruteforcing when used with a very strong passphrase and no TPM?
I have learned about attacks where the BitLocker master key can be sniffed on its way from the CPU to the TPM using a logic analyzer. However, in computer configurations without TPMs, this is ...
1 vote, 0 answers, 203 views
What happens when Windows Defender wants to submit a file for analysis? [closed]
Occasionally when I write certain programs (especially ones that deal directly with memory) I get that notification that Windows wants to submit the file for analysis. Defender still lets the program ...
2 votes, 2 answers, 456 views
Is path traversal a valid vulnerability for a Windows desktop application?
I have a small .NET console application that the user launches on their local machine, passing a path argument to which the application writes a file.
Can this be considered a path traversal ...
8 votes, 3 answers, 4k views
How safe is runastool.exe? Any known issues?
I don't know how well known this tool is, but an admin in our organisation is using RunAsTool v1.5:
https://www.sordum.org/8727/runastool-v1-5/
I did not hear about it before, the website seems to propose ...
0 votes, 0 answers, 88 views
How can this unelevated tool intercept VM traffic and cause a "blue screen of death" on a personal Windows 10 computer?
Because my child wanted to access certain blocked websites (such as ChatGPT) on his school computer, which runs personal Windows 10, I decided to set up an Ubuntu VM for him.
Websites are blocked by a ...
2 votes, 0 answers, 137 views
Is it normal to have Sysmon detect CreateRemoteThread on a fresh and clean Windows Server installation?
A fresh Windows Server installation (20212 R2), all updates applied. Sysmon v15.15 installed. Literally nothing else was installed/added. Never started a browser, never opened a web page. Only apps ...
6 votes, 1 answer, 188 views
How does a Windows application prevent inspection from the same user that started it, without elevation?
I'm investigating the security measures used by an application running in Windows 10. The application is started by my local non-admin Windows user and does not try to elevate to administrator ...
-1 votes, 2 answers, 172 views
If the MySQL server is not running, is it still possible for somebody to gain access to my database from outside the LAN (hack my database without my consent)?
I am using phpMyAdmin running on XAMPP on Windows in a LAN environment. I want to find some ultimately secure solution for my database. So I am not running MySQL (showing Stop in the XAMPP control panel); is ...
2 votes, 1 answer, 528 views
Modifying a bat file and its execution rights in Windows
Could you please tell me, I'm trying to pass a very easy machine on HTB - Markup. I'm a little stuck at one point because I can't understand how it works.
I got access via SSH, now I need to raise the ...
1 vote, 1 answer, 185 views
How to limit a wireless CA so it can only be used for wireless connections on Windows?
My school requires me to install a CA to connect to the school Wi-Fi network. On Android, I can install it into the Wireless CA list, and based on my understanding, that won't give the CA owner ...
7 votes, 1 answer, 2k views
Does CrowdStrike Falcon get validated by the Windows kernel as being crash-free?
With Linux, eBPF programs are validated as not causing crashes. Apparently that validation has had errors previously because of bugs in the Linux kernel.
How is CrowdStrike Falcon implemented on ...
5 votes, 2 answers, 862 views
How safe are my app's keys inside the TPM against other apps trying to impersonate mine?
This is a follow-up to these two questions about using the TPM to store an application's keys. While both have great answers, there is a specific aspect I am missing:
How safe are the keys inside the TPM ...
7 votes, 2 answers, 2k views
Use of TPM to encrypt data of my application in practice
I am not very familiar with TPMs, but from what I can tell their main benefit for the user is to make the system as a whole more secure, if you take the appropriate measures, e.g. by checking the boot ...
1 vote, 1 answer, 183 views
How can Bitlocker do this?
I'm about to upgrade my CPU that has a TPM in it. BitLocker is TPM+PIN+Keyfile. Now, naturally, when upgrading the CPU I will suspend BitLocker, shut down, change the CPU and reboot. OK, I can understand that ...
1 vote, 1 answer, 890 views
Safely use Git Bash on Windows [closed]
I've recently downloaded and installed Git Bash for Windows https://git-scm.com/downloads; my primary goal is to use it for pushing code to GitHub. I already connected Git Bash with GitHub in the browser ...
28 votes, 4 answers, 9k views
How long does malware last "in the wild"?
I watched this YouTube video where the uploader connected a Windows 2000 virtual machine directly to the internet, no NAT or firewall.
Within minutes, his VM is infected with malware, the overwhelming ...
1 vote, 0 answers, 107 views
SmartCard rollout for Windows RDP clients
We want to deploy a thin client architecture, where the users can sign in to their session from every client by inserting their SmartCard into an attached reader, but we have a hard time finding ...