Bosses love Excel...hackers too!

Video in TIB AV-Portal: Bosses love Excel...hackers too!
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Remote applications published by companies are all around us in the cloud. In this talk we are going to add ICA and Terminal Server apps to the fingerprinting process, automating the data analysis using FOCA. It allows an attacker to fingerprint internal software and internal networks and to combine that information in PTR Scanning, Evilgrade attacks and command execution through Excel files. In the end, we are going to play with a tricky feature of the security policies for remote Excel that allows hackers to bypass macro restrictions.

Chema Alonso is a Security Consultant with Informatica64, a Madrid-based security firm. Chema holds Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politécnica de Madrid respectively. During his more than six years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide, including Black Hat Briefings, Defcon, Ekoparty and RootedCon. He is a frequent contributor to several technical magazines in Spain, where he writes about state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA, the metadata extraction tool which he co-authors.

Juan Garrido "Silverhack" is a forensics professional who has been working as a security consultant for the last seven years. He is the author of two books about forensic analysis in Windows environments and currently works as a security consultant at Informatica 64.
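The .rdp and .ica files the abstract refers to are plain text, and the talk's point is that they leak internal addresses, usernames, encrypted passwords and the names of the published programs. The Python auditor below is an added example (not code from the talk or from FOCA) that parses both formats and reports those fields so an administrator can review a connection file before publishing it; the key tables and the two sample files are constructed for the example.

```python
"""Audit .rdp / .ica connection files for what the talk says they leak (addresses,
users, encrypted passwords, published programs). Added example, not FOCA code."""
import ipaddress
import re
from collections import Counter, namedtuple

# RDP: "name:type:value" lines. ICA: INI-style "Name=value". Keys are lower-cased.
RDP_SENSITIVE = {
    "full address": "server address", "alternate full address": "server address",
    "gatewayhostname": "gateway address", "username": "embedded username",
    "domain": "embedded domain", "password 51": "embedded (encrypted) password",
    "alternate shell": "published program name",
    "remoteapplicationprogram": "published program name",
}
ICA_SENSITIVE = {
    "address": "server address", "httpbrowseraddress": "browser address",
    "username": "embedded username", "domain": "embedded domain",
    "password": "embedded (encrypted) password",
    "clearpassword": "embedded clear-text password",
    "initialprogram": "published program name",
}
Finding = namedtuple("Finding", "key value reason severity")

def is_private(value):
    """True if the value contains an RFC 1918, loopback or link-local IPv4."""
    for tok in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", value):
        try:
            if ipaddress.ip_address(tok).is_private:
                return True
        except ValueError:  # e.g. 999.1.1.1 is not an address
            continue
    return False

def severity(reason, value):
    """Credentials are high, internal addresses medium, everything else info."""
    if "password" in reason:
        return "high"
    if "address" in reason and is_private(value):
        return "medium"
    return "info"

def sniff_kind(text):
    """'rdp' if any line looks like name:type:value, otherwise 'ica'."""
    return "rdp" if re.search(r"^[^:=\n]+:[sib]:", text, re.M) else "ica"

def parse_rdp(text):
    """Yield (key, value) pairs from an .rdp file (the type field is dropped)."""
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            yield parts[0].strip().lower(), parts[2].strip()

def parse_ica(text):
    """Yield (key, value) pairs from an .ica file, skipping [Section] headers."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#[" and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip().lower(), value.strip()

def audit(text, kind=None):
    """Return the Findings for one connection file; kind is sniffed if None."""
    kind = kind or sniff_kind(text)
    pairs = parse_rdp(text) if kind == "rdp" else parse_ica(text)
    table = RDP_SENSITIVE if kind == "rdp" else ICA_SENSITIVE
    findings = []
    for key, value in pairs:
        reason = table.get(key)
        if reason is None and is_private(value):  # any other key carrying an IP
            reason = "internal IP address in value"
        if value and reason:  # "Excel=" under [ApplicationServers] is empty
            findings.append(Finding(key, value, reason, severity(reason, value)))
    return findings

def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 1, 'info': 3}."""
    return dict(Counter(f.severity for f in findings))

# Constructed samples: hosts, account and password blob are invented.
SAMPLE_RDP = r"""screen mode id:i:2
full address:s:10.20.30.40:3389
username:s:CORP\svc_reports
domain:s:CORP
password 51:b:01000000D08C9DDF0115D1118C7A00C04FC297EB
alternate shell:s:C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
"""
SAMPLE_ICA = r"""HttpBrowserAddress=192.168.5.10:80
[ApplicationServers]
Excel=
[Excel]
Address=192.168.5.20
InitialProgram=#Excel
Username=demo_user
Password=00D2F6A5
"""

if __name__ == "__main__":
    for text in (SAMPLE_RDP, SAMPLE_ICA):
        print(*audit(text), summarize(audit(text)), sep="\n")
```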
Hello, hello everybody. How many of you speak Spanish? Okay, perfect. Well, we got here a trophy because today, this morning, we had our tournament of soccer and our team won the trophy, the Spanish team. I'm sorry for Argentina, South Africa, the rest of the teams: we won the trophy. Next year, maybe. Well, thank you for coming to this session. First of all, let me introduce us: my friend is Juan Garrido and I'm Chema Alonso. We are working in a small company in Spain called Informatica 64, and before starting with the topic we would like to introduce our country.

We are from Spain. Probably it's a small country, this small country in the middle of everything: we are in the middle of Europe and Africa and South America because of our history, and if you ever want to spend time you have to go there. I'm from Madrid, which is a very nice city. It was the capital of the empire five centuries ago, but it's a very nice city, and if you go to Madrid you will never be a foreigner, because everyone who goes to Madrid is from Madrid, so come to our city. And Juanito is from another city; it was the capital of the Arabic Empire in the 7th century, when Spain was an Arabic country, lots of centuries ago, and that tower, the Gold Tower, the first one on the left, is where the gold from America came to Europe. That's the tower which is in Sevilla, and Sevilla is very famous because of the parties, because of the flamenco and so on, and especially there are big monuments. This is one of the most famous monuments in Sevilla, the Plaza de España. Probably all of you know this monument, and you have to visit it because it's a monument in which you will fall in love: if Anakin Skywalker could fall in love in Sevilla, you can do it also. So don't forget to visit our country. Well, Juanito is from a very small area of Sevilla which is Triana. Triana is an independent republic in Sevilla, and it's very famous for the Holy Week, because they are very religious and there are thousands of people carrying the images and, of course, after that, having drinks.

Well, you know we work in Informatica 64, and probably some of you have been hearing about FOCA, which is one of the tools that we develop. It's a free tool that you can use for extracting information, pen testing and so on. Tomorrow we are going to deliver a workshop of 8 hours with the new version, which is version 3, so if any of you want to attend, I'm not sure if you can book a seat, but you can ask for it. What is the topic that we are
going to talk about today? Well, we are going to talk about something which is very, very, very common, which is the remote application using Citrix and Terminal Services. There is a lot of work done previously about this topic, about Citrix applications and Windows Terminal Services, but we still believe that it is important because nobody is taking care about it, and a lot of people have an insecure environment, and we are going to see how easy a hacker can get into a company just using this kind of environments.

So, first of all, it's very easy to discover the entry point of a company just searching for remote applications or remote connections on Google. Just searching for RDP files you can discover almost two thousand places, almost 2,000 servers publishing applications. Of course you can discover also government sites, government with remote applications that you can just click on and test; we'll see what happened. Well, you can do more or less the same in Bing. In Bing you cannot use the extension modifier, but you can use the file type: this is a txt file, and searching for any of the modifiers which appear in all the files you can discover thousands of remote applications.

So some of the places that we discovered with these remote applications are from the government. This is one of the sites, the Patrol Order Management System; it is a .mil domain here in the States. We were going to do a demo with this server, but we were talking to Jeff and they found someone, and today it's fixed, I don't know why, but we are going to do the demo with the California Department of Transportation, which is another site. Well, just reading the website you can discover the remote application: there is an ICA file, and you can download the file and just open it. Let's see what happens.
I promise, five minutes ago it was working... Five minutes ago it was working, maybe it was fine, and... well, no problem, we are going to do the next demo later, don't worry. Well, as we are going to see, there are a lot of things to worry about, and it's very complicated to secure all the environments in one. This picture with the demo doesn't make sense, but after... Sorry, sorry, are you sure? Now I don't know, it was five minutes ago, okay, let's try it again, but we didn't launch it five minutes ago, so... California Transportation routing database, here it is, Caltrans. No, no, they fixed it five minutes ago; it was working, believe me. Well, don't worry. Well, one of the biggest
problems with these files, these configuration files, is the verbosity. Just reading the files, which are txt files, you can discover a lot of information like internal IP addresses, users, encrypted passwords. You cannot use that password, you cannot extract the password from the encrypted password, but you can get access to the system using an anonymous account or a user account in the system, right? So these files are perfect for APTs, just for the people who are collecting information, or for preparing some special attacks like the Evilgrade attack. Just searching on the internet for this kind of files, searching for an ICA file, you can search for ".ica", and just searching for documents with certain words you can discover files with the password for Oracle just in the text. So you don't need to do anything special; there is a lot of information in that file.

So due to this we decided to add this kind of files to FOCA, our tool for information gathering and for fingerprinting information about websites and companies, and right now, if you download tomorrow the new FOCA release, you will see that in the new version FOCA is searching for this kind of files and extracting information and so on. The second big problem is that it's a txt file, so whoever has the file can modify the
information and can try to get access to another part of the operating system. So just modifying the configuration file and generating error messages on the servers, you can discover something like all the applications in the operating system. We only need to create a logic with the error messages, and Terminal Services and Citrix services, the Citrix server, have different error messages when you cannot get access to the file and when the file is not on the server, so just trying to ask for applications you can extract the whole list of applications installed in a computer. To do this in Terminal Services is quite simple, because there is a modifier which is "alternate shell". This option was created for versions of the RDP protocol previous to version 6, but it still exists in the RDP files. In Terminal Services 2008 it doesn't work, but the option is there, so you can ask for an application and the terminal server will say: okay, you cannot use this app, you cannot access this program because the alternate shell is forbidden. But you will receive different error messages: if you receive "acceso denegado", which is in Spanish, because Spanish is better, you know that the file is in the operating system, but if you receive "you cannot access this file", you know that this file is not in the server.

So the good thing is that you can do the same in Citrix, and there isn't any protection against one connection and another connection and another connection, and you don't even have to type a CAPTCHA. So you can optimize this procedure with a tool we created, CACA, which is Computer-Assisted Citrix Apps, and it's just a tool to do this. So you only need to open CACA, select an ICA file, a list of applications (in the example notepad, regedit, cmd and calc) and the number of threads that you want to use in parallel, and CACA will do this for you, so you can go to have a coffee while CACA is working. CACA is working, well, CACA is trying to open the application, and the only thing that CACA is doing is taking a snapshot, so when CACA has finished you only have to review the error messages. In this way you know if the application exists or not. You can use a very big list of applications and leave CACA running on your computer for one day, and at the end of the day you got your list of applications. Well, quite simple. The other
thing with terminal applications is what we call "playing the piano". In the Terminal Services environments and Citrix environments there are too many links, too many environment variables, too many shortcuts, too many options that allow a hacker to get to a special part of the system that the system administrator didn't think of at the beginning. One of our favorites is Windows Server 2008, because Windows Server 2008 wants to help you with everything, so if you ask for an application which is not in the operating system, Windows 2008 shows you an error message with a Help button. Why not? So just click on the Help button, the Help application appears, and in this application you got a lot of links to open Internet Explorer, or to open the Open File panel and run commands and so on. Playing the piano was a very nice thing to do, with a lot of shortcuts to access different parts of the operating system, but right now we got more and more shortcuts. Sticky Keys is a funny thing: just clicking on the Shift key three or four times, the operating system will show you the Sticky Keys menu, which is within the Control Panel, so even if you don't have access to the Control Panel, with the Sticky Keys you will be able to configure all the Control Panel of the operating system, clicking on Save and so on. It's easy to do this. Well,
let's do a demo with Citrix. So, well, this is the website of Citrix, but this is the website for demo servers, so it's a demo, it's legal. We got a user here which is "tanto del coulis", a Spanish name; the rest of the usernames were taken. No, no, no... now it is working. Well, this is the environment. As you can see, in this environment we got a lot of applications. We are going to use Excel because this talk is about Excel, so let's go to the Office applications and run Excel. Excel is working, well, Excel is working; right now the system is downloading the client component. So open Excel, launch... you have to open, launch, no, maybe, no, no, execute, OK, launch, or something with Internet Explorer, but we are going to launch the Excel. Excel is working, believe me. Starting Microsoft Excel... the internet is slow... now, man, the connection... no, no, no... oh my god. Okay, it is working, at least in the end. Well, now connect to the remote Excel. Come on, please, if someone is doing a man-in-the-middle attack in this network, please don't do it, Moxie. How many guys... oh wow, what happened with the internet here? Fighting the internet... Hey, hey, just open Excel... okay, yeah, open.

Well, this is the Citrix environment; it's supposed to be secured by the guys of Citrix, so let's try to, I don't know, use the environment variable to connect to the system root: it's forbidden; to the user profile: it's forbidden, and so on. But you can do a lot of tricks. One of the tricks that we do is just to create a shortcut to the command, show all files and then run, open... oh, they fixed it, no PowerShell. Too many consoles, too many consoles, PowerShell... so let's change, now we are going to use another console, same trick, another console, open, it is working, well, go there and you get access. It's very complicated, because every day the operating system is getting more and more complex and the applications that we are publishing are more and more complex. Please stop, stop, stop, stop, stop. How's this? Don't trust people from Sevilla, believe me.

Well, the question is that the operating system is more and more complex and the applications are getting more and more complex, so every application that you are publishing through Terminal Services is a path to your operating system through Terminal Services. One of our favorites is the complex application, and of course Excel is one of the most complex applications that companies are publishing through remote application services. So the good thing is that Excel is a very powerful tool, and bosses love Excel because you can do a lot of funny graphics and analyze a lot of data, connect Excel to databases, perform data mining and a lot of things which are very good for the business, and the good thing is that to do all those funny things you need Visual Basic for Applications. If you remove Visual Basic for Applications from your Excel, your Excel becomes another kind of application, but Excel no more. So the idea is that with Excel you can do a lot of things.
Let's do the first demo. In this local environment we got a Windows 2008 with Hyper-V, no, with Terminal Services, sorry, and in this environment we published Excel 2007. We didn't use Excel 2010 because the security policies for macros are more or less the same. The main difference in security in Office 2010 and Office 2007 is about the sandbox, about the security option when you download a file from an unsecured location, from the internet and so on, but once you have the file in your machine and you are computing, the security policies for macros are the same. So in this environment we are going to execute just an Excel with macros. In a normal environment, when Excel is going to be executed in your local machine, the security option by default is that the user selects if he wants to execute the macro or not, because the user is running the macro on his machine. But in a Terminal Services environment, or a multi-application environment, the security option by default, which is case by case, the user decides, is a bad option, because the user is running the Visual Basic for Applications not in his machine but in the shared machine, which is completely different. In this environment we are going to execute just a file with Visual Basic for Applications. It is working, well. In this example we created a panel, and this is the by-default option: you should decide, OK, enable this content or not. OK, enable it, it's not my machine. So now, if the boss came, you can show the graphic; it's a good trick. Then open the panel, so you can do a lot of things with Visual Basic for Applications, for instance see the processes and so on. As you can see, through the Windows Management Instrumentation you can run commands, retrieve the results and show them on the Excel file. OK, let's close it. So
if we go back to the presentation, well, after seeing this demo it's clear that you have to take care about the security of Excel in remote environments. One of the first things that system administrators should tend to do is to block some special consoles like cmd, like PowerShell, WMI and so on, but there are too many consoles, and in Windows Server 2008 the backup directories copy all those consoles, which creates a double problem because you have double the consoles. But in this environment we are going to have all the consoles forbidden: using ACLs and using software restriction policies we are going to forbid all the consoles, and you are going to see that we can use consoles even from other operating systems. This is a trick that was published by Didier Stevens, and the idea is that you can inject a DLL into your Excel file, and that DLL is a command interpreter, so just invoking the command interpreter from your DLL you are going to have access to the server. So let's do a demo with this.

So if we go to the Windows Server 2008 and try to execute a command on it, it is forbidden. It's forbidden, but in the Excel file that we are going to open we got a DLL of ReactOS, and also a DLL for the registry editor of ReactOS, so just open the file and open the command line. Now the Excel file is extracting the DLL to execute it, and we are going to obtain the ReactOS command interpreter actually working, I hope. Well, here it is. As you can see we got the ReactOS command interpreter, and it is like the command interpreter of Windows 2008, more or less the same. So this is a good trick. Go back to the slide, and of course in the Task Manager you cannot see the cmd, because it's a DLL which has been loaded by the Excel file, so it's not in the Task Manager; the user is only working with Excel, which is good for the company. So
so go back to the slice slice so of
course after seeing this demo send you a
good thing okay we are going to disable
all the markers for for my machine if you use the first policy which is disabled visual basic for application is for all office application not only for Excel is forward PowerPoint access and so on and for Excel you got fourth option the third one is execute all macros which is unsecure the second option is case by case the usage decide of course if the user is the attacker is an unsecured option the third one is no mattress at all so index demo we are
going to select the no macros at all in a excel file publish through a remote
environment so we go to the Windows 2008
and select we are going to to log off the idle connection of the user okay and now we go to the policies and we are going to enable the policy and select no no my crotch no one means for all macros
the third one no one is for a Mac road but disable all macros okay no warning and my clothes off so select that option okay apply the policy okay 15 active
directory is working go back to the client and open the file
and this is one of my favorite tricks so when you open the document when the top and the Oakland is is hoping you will see how it's impossible to execute anything because everything is forbidden
try to do anything now it's forbidden you cannot do anything but there is something special with Excel there are
trusted locations a trusted location is a path in which security policies are not applied so you only need to save the document in a trusted locations and of course the trusted location are in the user profile so let's save the document we are going to use a hostile location in the Duke at you you can have trusted location in the client machine or in the several machines it doesn't matter if the document is opened from a trusted location the all the security policies will disappear so we are going to save in one of the most famous trusted location which is the default book when you open a new file with there is not a template so we are going to copy here save close this document and then close and then open the document from the
ultra state location here it is
well no markers at all is not my curse at all well after seeing this demo there is a solution not just the location at all well after seeing this demo maybe the system administrator can trust in
digitally signed macros only markers that had been digitally signed for a trusted a certification Authority so let's do tomorrow with this in the
example we are we are going to select
the four options remember option or
micro second option kedua case third
option no macros and fourth option is
only digitally signed macros so let's
logo data session and then gugu gugu digitally signed macros okay okay go on
you don't apply okay after the retreat
work we can play minesweeper meanwhile
well we got a digitally signed excel file but it's a self-signed excel file and we are going to attain this message ding
well we obtain a warning because his
self d Daniel cyan't is not fun from
trusted Authority and the one before baby you got help protecting in front
and no content but there is a link a link for show signature details so just click on the link here is the digital
the digital certificate so if we go to view certificate and the certification path we can discover the root of the
certification Authority and we can view the certificate of it so with a
certificate ah we can install the certificate because it's a doucher level
perfect install the certificate next is a juicer level so no problem at all and now the message will change to enable this content and the last one is the the
funny one is closed all documents for this is this is very important because
with this option you can start the third war world war because if the index example we created a Dacia that we install right now and if you installed
this year every document signed by this
year will be okay and in the in the
detail certificate there is a link for
the crl and the crl is a link that could be an HTTP link and ldap link and an HTTP link could be a sequel injection attack so if you install hacia and send an excel file with a digital sign that a macro for to someone relevant in the company and he opened or he or she opened the document ultimately the grid Toby will try to connect to the crl so if you discover for instance a sequel
injection vulnerability in Illinois in the colored China for instance and you
can install one of these rope is here in
one of the DHS machines and you send a file to I user which is working in that machine you can discover who you sir are working in what machine using phouka you
can start the third ball one well just kidding but we are going to do the Des Moines log so in the example that trust
Authority has Ray has now the decir el
so we are going to say to open a net cut
and we are going to send the document to a user in this environment is the same user but the point is that in remote
application environments there are a pool of users that are chair for the rest of the user so we are listening and let's see if the query okay here okay as
you can see there is a message notis PHP ID Phi equal five sat down a minute minnows hello Aurora I don't know whatever so in the end as you can see is
very complex it's very difficult to harden and an environment with remote application so if you get a terminal services environment publishing a lot of publication or a citizen vironment the first thing that you have to do is reevaluate the security of the whole environment reevaluate the security of all documents of course you have to trust it in nobody nothing nobody even in nobody because in some internal in sudden operating system nobody could be dangerous be sure about the doc the application that you are publishing one of the funny things that we discover is that in
terminal services with the TSA terminal services web access lot of administrators are using this option
which is high in terminal server web access that means that if you have a remote application publish on your terminal services this application wants appear in the HTTP panel but the application is still published so if you know the name of the application you can connect to that application and that's
all thanks for standing here
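As an added audit example (not code from the talk), the PowerShell script below checks, on a client or Terminal Services machine, the four things the demos depend on: the effective Excel macro policy, the trusted locations that bypass it, root CAs installed only in the user's own store (as the self-signed CA was) together with the CRL URL they carry, and RemoteApps hidden from TS Web Access but still published. The Office version key (16.0) and the RemoteApp allow-list registry layout are assumptions.

```powershell
# Added audit script, not part of the talk. Office version key and the
# TSAppAllowList layout are assumptions; adjust for the installed versions.
$ver       = '16.0'
$policyKey = "HKCU:\Software\Policies\Microsoft\Office\$ver\Excel\Security"
$userKey   = "HKCU:\Software\Microsoft\Office\$ver\Excel\Security"

# 1. Macro policy. VBAWarnings: 1 = enable all, 2 = disable with notification,
#    3 = disable except digitally signed, 4 = disable all without notification.
$vba = (Get-ItemProperty $policyKey -ErrorAction SilentlyContinue).VBAWarnings
$source = 'Group Policy'
if ($null -eq $vba) {
    $vba = (Get-ItemProperty $userKey -ErrorAction SilentlyContinue).VBAWarnings
    $source = 'user setting'
}
$names = @{ 1 = 'enable all (unsafe)'; 2 = 'disable with notification'
            3 = 'digitally signed only'; 4 = 'disable all, no warning' }
"Excel VBAWarnings = $vba ($($names[[int]$vba])) from $source"

# 2. Trusted locations: a document opened from any of these paths skips the policy.
foreach ($base in $policyKey, $userKey) {
    $tl = Join-Path $base 'Trusted Locations'
    $off = (Get-ItemProperty $tl -ErrorAction SilentlyContinue).AllLocationsDisabled
    if ($off -eq 1) { "All trusted locations disabled under $base"; continue }
    Get-ChildItem $tl -ErrorAction SilentlyContinue | ForEach-Object {
        $loc = Get-ItemProperty $_.PSPath
        "Trusted location: $($loc.Path) (subfolders: $($loc.AllowSubfolders -eq 1))"
    }
}

# 3. Root CAs present only in the current user's store (installed per user,
#    no admin needed), with the CRL distribution point the client will fetch.
$machineRoots = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint
Get-ChildItem Cert:\CurrentUser\Root |
  Where-Object { $machineRoots -notcontains $_.Thumbprint } |
  ForEach-Object {
    $crl = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $url = if ($crl) { $crl.Format($false) } else { '(no CRL distribution point)' }
    "User-only root CA: $($_.Subject) [$($_.Thumbprint)]`n  CRL: $url"
  }

# 4. RemoteApps hidden from TS Web Access are still published under their name.
$tsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList\Applications'
Get-ChildItem $tsKey -ErrorAction SilentlyContinue | ForEach-Object {
    $app = Get-ItemProperty $_.PSPath
    if ($app.ShowInTSWA -eq 0) { "Hidden but still published: $($app.Name) -> $($app.Path)" }
}
```

Run it in the context of the published user so the HKCU values reflect the pooled account the RemoteApp actually runs as, not the administrator's own profile.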