Search found 60 matches

by Victor43
Thu Jan 25, 2018 5:34 am
Forum: General Discussion
Topic: Developing a Sandbox for Windows
Replies: 9
Views: 11650

Re: Developing a Sandbox for Windows

I have another question about sandbox design. Other than the avenues of interception of untrusted code, what else is involved in the overall design of a sandbox?
by Victor43
Tue Jan 16, 2018 3:35 am
Forum: General Discussion
Topic: Developing a Sandbox for Windows
Replies: 9
Views: 11650

Re: Developing a Sandbox for Windows

@Vrtule thank you for follow-up. It's very much appreciated.
by Victor43
Wed Jan 10, 2018 11:54 pm
Forum: General Discussion
Topic: Developing a Sandbox for Windows
Replies: 9
Views: 11650

Re: Developing a Sandbox for Windows

You should really know the interfaces you are using. Although they might look really nice in the documentation, their implementation might have certain drawbacks. For example, on Windows 7 and older, when filtering certain types of registry operations (e.g. registry value deletion), some data a...
by Victor43
Mon Jan 08, 2018 11:36 pm
Forum: General Discussion
Topic: Developing a Sandbox for Windows
Replies: 9
Views: 11650

Re: Developing a Sandbox for Windows

@Vrtule thank you. Since you had an opportunity to work with a sandbox, can you tell me: if a sandbox is done right, what are the chances of exploits passing through the sandbox and being able to make unauthorized changes to the system? Second question: what do you know of cloud-based sandboxing?
by Victor43
Sun Jan 07, 2018 11:01 pm
Forum: General Discussion
Topic: Developing a Sandbox for Windows
Replies: 9
Views: 11650

Re: Developing a Sandbox for Windows

@Vrtule thank you. Can you tell me one thing: where can these special functions be placed? Would they need to be placed inside a separate driver file designed just for the sandbox, or could they be placed inside a WFP driver file (a driver file designed to filter TCP traffic)? I'm interested in san...
by Victor43
Sun Jan 07, 2018 6:53 am
Forum: General Discussion
Topic: Developing a Sandbox for Windows
Replies: 9
Views: 11650

Developing a Sandbox for Windows

Two questions to ask: 1. Does WFP have a registry callback which allows all registry calls at user and kernel level to be filtered? 2. How can a thread be intercepted when it creates a thread or process?
by Victor43
Sat Jan 06, 2018 5:27 am
Forum: General Discussion
Topic: Hooking Memory Controller Routines
Replies: 4
Views: 6102

Re: Hooking Memory Controller Routines

Happy New Year! If the memory controller was indeed hooked, and an attempt to capture every read/write/execute was made, would it not be possible to know which thread is accessing which memory cell and every detail associated with the request, such as Thread PID 00232 accessing Memory location x02...
by Victor43
Sat Dec 30, 2017 4:32 am
Forum: General Discussion
Topic: Modify Incoming TCP Packet Sent to the Browser
Replies: 7
Views: 9362

Re: Modify Incoming TCP Packet Sent to the Browser

The comments (see the TLInspectALEConnectClassify function) within the inspect.c file have the following statements, as seen below. Can anyone tell me what re-auth is in the inspect MSDN sample? What is the meaning of this terminology? // The classify is the re-authorization for an existing co...
by Victor43
Thu Dec 14, 2017 12:22 am
Forum: General Discussion
Topic: Modify Incoming TCP Packet Sent to the Browser
Replies: 7
Views: 9362

Re: Modify Incoming TCP Packet Sent to the Browser

Vrtule thank you again.
by Victor43
Mon Dec 11, 2017 9:41 pm
Forum: General Discussion
Topic: Modify Incoming TCP Packet Sent to the Browser
Replies: 7
Views: 9362

Re: Modify Incoming TCP Packet Sent to the Browser

For XP, you probably need to develop a TDI filter driver (attach over devices of the Tdx driver and filter/modify their communication). It also kind of works on newer versions of Windows (Vista+), but it is deprecated there, so it is best not to rely on it. Thank you again. Would an NDIS intermediate ...