the office demon minos
play

The Office Demon : Minos Jonathan Dechaux dechaux@esiea-ouest.fr - PowerPoint PPT Presentation

Jan 18, 2023 •208 likes •634 views

Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security How to infect Office documents Demonstrations Conclusion The Office Demon : Minos Jonathan Dechaux dechaux@esiea-ouest.fr Ecole Suprieure en

  1. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security How to infect Office documents Demonstrations Conclusion The Office Demon : Minos Jonathan Dechaux dechaux@esiea-ouest.fr Ecole Supérieure en Informatique, Electronique et Automatique Operational cryptology and virology Lab. 38 rue des docteurs Calmette & Guerin, 53000 Laval France J. Dechaux The Office Demon : Minos

  2. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security How to infect Office documents Demonstrations Conclusion How to infect Office 4 Introduction 1 documents Cyberwarfare and Documents infection Cyberweapons Static infection (Libre)Office security Dynamic infection 2 architecture Demonstrations 5 Macro Security in MSO Minos interface Macro Security in Scenarii LibreOffice Demos How to Bypass (Libre)Office Work of Minos 3 security Conclusion 6 Proof of concept Conclusion J. Dechaux The Office Demon : Minos

  3. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Cyberwarfare and Cyberweapons How to infect Office documents Demonstrations Conclusion How to Bypass (Libre)Office 3 security Introduction 1 Cyberwarfare and How to infect Office 4 Cyberweapons documents (Libre)Office security 2 Demonstrations 5 architecture Conclusion 6 J. Dechaux The Office Demon : Minos

  4. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Cyberwarfare and Cyberweapons How to infect Office documents Demonstrations Conclusion Cyberwarfare and Cyberweapons Reallity of cyberwarfare August 2007: Espionage case of China against German chancelery. 163 Gb of Gouvernemental data stolen through a Trojan-infected Office document. 2009 - 2010: Chinese hackers succeeded in stealing economic and financial data from European Banks, through malicious PDFs. Document as cyberweapons (Open)Office document are good vectors. PDF documents are also used nowadays. J. Dechaux The Office Demon : Minos

  5. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Cyberwarfare and Cyberweapons How to infect Office documents Demonstrations Conclusion Which applications are concerned? Office 2003, 2007, 2010, 2013 OpenOffice 3.x, LibreOffice 3.x All office applications. J. Dechaux The Office Demon : Minos

  6. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Cyberwarfare and Cyberweapons How to infect Office documents Demonstrations Conclusion Purpose of Minos How to manage all Office documents and security against users One interface for all applications Cross-platform for different operating systems Static and dynamic infection Make some demos easily J. Dechaux The Office Demon : Minos

  7. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Cyberwarfare and Cyberweapons How to infect Office documents Demonstrations Conclusion The genesis of Minos A USB Dumper base Improve USB Dumper (functionalities and principle) Manage the security and the documents Static and dynamic infection New design created with Qt (Cross-platform development tool) J. Dechaux The Office Demon : Minos

  8. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion How to Bypass (Libre)Office 3 security Introduction 1 How to infect Office 4 (Libre)Office security 2 documents architecture Macro Security in MSO Demonstrations 5 Macro Security in LibreOffice Conclusion 6 J. Dechaux The Office Demon : Minos

  9. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion MSO: Execution level security settings Possible level of security Level 4 (0x00000004): Disable all macros without notification. Level 3 (0x00000002): Disable all macros with notifiation. Level 2 (0x00000003): Disable all macros except digitally signed macros. Level 1 (0x00000001): Enable all macros. J. Dechaux The Office Demon : Minos

  10. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion MSO: Execution level security settings Location of settings Registery key : HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ < Version > \ < Application > \ Security Application = {Word, Excel, Powerpoint, Access} Version = {11.0, 12.0, 14.0, 15.0} J. Dechaux The Office Demon : Minos

  11. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion MSO: Trusted Location Definition Trusted location: A trusted location is a directory where macros of documents stored inside are allowed to be executed automatically. Stored in the registry HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ < Version > \ < Application > \ Security \ Trusted Location . trust value. Standalone settings: modifying Word’s settings does not affect other Office program’s settings. J. Dechaux The Office Demon : Minos

  12. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion LO: Macro Security Security settings Both Macro security level , trusted locations and Macros Application are defined in " registrymodifications.xcu " file at: C: \ Users \ < UserName > \ AppData \ Roaming \ LibreOffice \ 3 \ user Example <item oor:path="/org.openoffice.Office.Common/Security/ Scripting"> <prop oor:op="fuse" oor:name="MacroSecurityLevel"> <value>2</value> </prop> </item> J. Dechaux The Office Demon : Minos

  13. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion LO: Trusted Location Example Set the root directory as Trusted location <item oor:path="/org.openoffice.Office.Common/Security/ Scripting"> <prop oor:op="fuse" oor:name="SecureURL"> <value> <it>file:///C:/</it> </value> </prop> </item> J. Dechaux The Office Demon : Minos

  14. Outline Introduction (Libre)Office security architecture Macro Security in MSO How to Bypass (Libre)Office security Macro Security in LibreOffice How to infect Office documents Demonstrations Conclusion LO: Macros Application Example Set a macro for all documents who will be opened <item oor:path="/org.openoffice.Office.Events/ ApplicationEvents/Bindings"> <node oor:op="replace" oor:name="OnLoad"> <prop oor:op="fuse" oor:name="BindingURL"> <value> vnd.sun.star.script:Standard.Module1.Main? language=Basic&location=application </value> </prop> </node> </item> J. Dechaux The Office Demon : Minos

  15. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Proof of concept How to infect Office documents Demonstrations Conclusion Proof of concept Introduction 1 How to infect Office 4 documents (Libre)Office security 2 architecture Demonstrations 5 How to Bypass (Libre)Office 3 security Conclusion 6 J. Dechaux The Office Demon : Minos

  16. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Proof of concept How to infect Office documents Demonstrations Conclusion MSO case Change to the lowest level: 0 Interesting Keys: HKEY_CURRENT_USER Path: Software \\ Microsoft \\ Office \\ 14.0 \\ Word \\ Security Windows API: RegSetValueEx, RegCreateKeyEx, RegCloseKey Example RegCreateKeyEx(HKEY_CURRENT_USER, path, 0, KEY_ALL_ACCESS, &hkey); RegSetValueEx(hKey, warning, 0, REG_WORD, (const BYTE*)nNumber, sizeof(number)); RegCloseKey(hkey); J. Dechaux The Office Demon : Minos

  17. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Proof of concept How to infect Office documents Demonstrations Conclusion MSO case Set the directory c: \ Users as a Trusted Location. KEY: HKEY_CURRENT_USER Path: Software \\ Microsoft \\ Office \\ 14.0 \\ Word \\ Security \\ Trusted Locations \\ Location3 Example RegCreateKeyEx(HKEY_CURRENT_USER,path, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, NULL) J. Dechaux The Office Demon : Minos

  18. Outline Introduction (Libre)Office security architecture How to Bypass (Libre)Office security Proof of concept How to infect Office documents Demonstrations Conclusion MSO case Set the directory c: \ Users as a Trusted Location. Example RegSetValueEx(hKey, description, 0, REG_SZ, (const BYTE*)("1"), 32); RegSetValueEx(hKey, path_t, 0, REG_SZ, (const BYTE*)TEXT("C:\\Users\\"), 32); RegSetValueEx(hKey, allow, 0, REG_DWORD, (const BYTE*)&number, sizeof(number)); RegCloseKey(hkey); J. Dechaux The Office Demon : Minos

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MINOS Neutrino Oscillation Results and the new NO A experiment Alec Habig, for the MINOS &amp;

MINOS Neutrino Oscillation Results and the new NO A experiment Alec Habig, for the MINOS &amp;

NuMI MINOS MINOS Neutrino Oscillation Results and the new NO A experiment Alec Habig, for the MINOS &amp; NO A Collaborations Univ. of Birmingham, Oct. 20 2010 Argonne Athens Benedictine Brookhaven Caltech Cambridge

671 views • 65 slides
MINOS+ Results and Future Plans A.P. Schreckenberger The University of Texas at Austin (On

MINOS+ Results and Future Plans A.P. Schreckenberger The University of Texas at Austin (On

MINOS+ Results and Future Plans A.P. Schreckenberger The University of Texas at Austin (On behalf of the MINOS and MINOS+ Collaborations) Why we are excited MINOS/MINOS+ makes use of the NuMI beam Most powerful neutrino beam in

586 views • 35 slides
Exploring three-flavor neutrino oscillations with MINOS Joo A. B. Coelho for the MINOS

Exploring three-flavor neutrino oscillations with MINOS Joo A. B. Coelho for the MINOS

Exploring three-flavor neutrino oscillations with MINOS Joo A. B. Coelho for the MINOS Collaboration Tufts University 2 May 2014 Coelho, J. A. B. (Tufts) MINOS BNL Colloquium 1.1/ 39 Outline Neutrino oscillations MINOS overview

1.6k views • 80 slides
Results from the MINOS Experiment Gregory Pawloski Stanford University On behalf of the MINOS

Results from the MINOS Experiment Gregory Pawloski Stanford University On behalf of the MINOS

Results from the MINOS Experiment Gregory Pawloski Stanford University On behalf of the MINOS Collaboration FNAL Users' Meeting 2009-6-3 MINOS Collaboration 140 Physicists from 28 institutions Argonne Athens Benedictine

500 views • 35 slides
Recent Results from the MINOS Experiment Costas Andreopoulos (*) * for the MINOS collaboration

Recent Results from the MINOS Experiment Costas Andreopoulos (*) * for the MINOS collaboration

Recent Results from the MINOS Experiment Costas Andreopoulos (*) * for the MINOS collaboration Double Beta Decay &amp; Neutrinos 2007 (DBD07), June 11-13, Osaka, Japan Outline Introduction Neutrino Oscillations Outline Open

505 views • 36 slides
Maxwells demon nano HUB .org online simulations and more Electronic demon &lt;---- L ----&gt;

Maxwells demon nano HUB .org online simulations and more Electronic demon &lt;---- L ----&gt;

CQT Lecture #1 nano HUB .org online simulations and more Unified Model for CQT, Lecture#1: Quantum Transport Nanodevices and Maxwells Far from Equilibrium Demon s Objective: To illustrate the subtle interplay of dynamics and

626 views • 25 slides
Eph. 6:11, Put on the full armor of God, so that you will be able to stand firm against the

Eph. 6:11, Put on the full armor of God, so that you will be able to stand firm against the

Satans Assaults on the Human Race D IRECT A SSAULTS Gen Matt Gen 3 4 6 Demon Demon Possession Possession Three Final Demon Gog Assaults &amp; Magog I NDIRECT A SSAULTS Revolt Eph. 6:11, Put on the full armor of God, so that

287 views • 17 slides
Recent neutrino oscillation results from MINOS Istvan Danko University of Pittsburgh (on behalf

Recent neutrino oscillation results from MINOS Istvan Danko University of Pittsburgh (on behalf

Recent neutrino oscillation results from MINOS Istvan Danko University of Pittsburgh (on behalf of the MINOS collaboration) NNN2010 NNN2010 - Minos Results 1 Outline MINOS and NuMI beam Recent results: disappearance

612 views • 40 slides
Searching for Sterile Neutrinos with MINOS 51th Rencontres de Moriond EW2016 Ashley Timmons on

Searching for Sterile Neutrinos with MINOS 51th Rencontres de Moriond EW2016 Ashley Timmons on

Searching for Sterile Neutrinos with MINOS 51th Rencontres de Moriond EW2016 Ashley Timmons on behalf of the MINOS/MINOS+ collaboration 1 Intro - Neutrino Oscillations Neutrino oscillations arise from mixture of mass and flavour eigenstates X

720 views • 45 slides
Paper Swords I Timothy 4:1-8 The Deception of Demon-Doctrines The deadliest form of evil to

Paper Swords I Timothy 4:1-8 The Deception of Demon-Doctrines The deadliest form of evil to

Paper Swords I Timothy 4:1-8 The Deception of Demon-Doctrines The deadliest form of evil to beware of, is that which has the appearance of good. deception: appears to lead you toward holiness, but eventually leads you astray demon-possession :

394 views • 6 slides
How we get things done at MINOS Gregory Pawloski Stanford University 03/10/09 Computing for

How we get things done at MINOS Gregory Pawloski Stanford University 03/10/09 Computing for

How we get things done at MINOS Gregory Pawloski Stanford University 03/10/09 Computing for Neutrino Experiments 1 MINOS specifics Purpose 2 detector, long baseline, oscillation experiment , e ,

475 views • 22 slides
MINOS detector and tracking Rashid Mehdiyev, UT Austin Apr, 27, 2011 MINOS Overview Main

MINOS detector and tracking Rashid Mehdiyev, UT Austin Apr, 27, 2011 MINOS Overview Main

MINOS detector and tracking Rashid Mehdiyev, UT Austin Apr, 27, 2011 MINOS Overview Main Injector Neutrino Oscilla3on Search Neutrinos at the Main Injector (NuMI) beam at Fermilab Two detectors: Near detector at Fermilab

497 views • 24 slides
King Minos Reemerging in the U.S. Psyche Katherine Bailes, JD PhD Review the mythic

King Minos Reemerging in the U.S. Psyche Katherine Bailes, JD PhD Review the mythic

Ancient Archetype King Minos Reemerging in the U.S. Psyche Katherine Bailes, JD PhD Review the mythic character of King Minos Identify the results of his refusal of the call to adventure in Campbells monomyth, including

318 views • 17 slides
Opera&amp;onal Status of MINOS+ Fermilab Opera&amp;ons Review 8

Opera&amp;onal Status of MINOS+ Fermilab Opera&amp;ons Review 8

Opera&amp;onal Status of MINOS+ Fermilab Opera&amp;ons Review 8 February, 2013 Rob PlunkeD, PPD Introduc&amp;on MINOS+ collabora&amp;on Readiness of near

751 views • 40 slides
MINOS Results and Future Prospects Jeff Hartnell Rutherford Appleton Laboratory, UK (on behalf

MINOS Results and Future Prospects Jeff Hartnell Rutherford Appleton Laboratory, UK (on behalf

MINOS Results and Future Prospects Jeff Hartnell Rutherford Appleton Laboratory, UK (on behalf of the MINOS Collaboration) Presented 6 th February 2007 at The 6th KEK Topical Conference: Frontiers in Particle Physics and Cosmology (KEKTC6)

600 views • 38 slides
Constructing the World Lecture 1: A Scrutable World David Chalmers Plan *1. Laplaces demon

Constructing the World Lecture 1: A Scrutable World David Chalmers Plan *1. Laplaces demon

Constructing the World Lecture 1: A Scrutable World David Chalmers Plan *1. Laplaces demon 2. Primitive concepts and the Aufbau 3. Problems for the Aufbau 4. The scrutability base 5. Applications Laplaces Demon An intellect which

744 views • 52 slides
Liebert GXT3 Solution by GSE UPS Topologies Stand-by / Offline Line Interactive

Liebert GXT3 Solution by GSE UPS Topologies Stand-by / Offline Line Interactive

Liebert GXT3 Solution by GSE UPS Topologies Stand-by / Offline Line Interactive On-Line Double Conversion UPS Topologies Stand-by Inexpensive, economical Effective Power Conditioner TRANSFER TVSS &amp; SWITCH EMI /

1.03k views • 40 slides
Presentations and PowerPoint V-1.2 Computer Fundamentals V-1.3 LESSON 1 Creating a

Presentations and PowerPoint V-1.2 Computer Fundamentals V-1.3 LESSON 1 Creating a

V-1.1 PART V Presentations and PowerPoint V-1.2 Computer Fundamentals V-1.3 LESSON 1 Creating a Presentation

131 views • 11 slides
OHIO TRAFFIC SAFETY OFFICE FFY 2017 Proposal Guidelines Presentation FFY 2017 Solicitation

OHIO TRAFFIC SAFETY OFFICE FFY 2017 Proposal Guidelines Presentation FFY 2017 Solicitation

OHIO TRAFFIC SAFETY OFFICE FFY 2017 Proposal Guidelines Presentation FFY 2017 Solicitation Package The FFY 2017 Solicitation Package is available in PDF format online at http://ghsogrants.dps.ohio.gov On the left side, click on Traffic

905 views • 63 slides
Medicaid Advisory Committee April 27 th , 2016 Oregon State Library Salem, Oregon Time Item

Medicaid Advisory Committee April 27 th , 2016 Oregon State Library Salem, Oregon Time Item

Medicaid Advisory Committee April 27 th , 2016 Oregon State Library Salem, Oregon Time Item Presenter 9:00 Opening Remarks Co-Chairs Beth Englander, 9:10 Oregon Health Plan (OHP) Oregon Law Center Oregon ONEligibilty Sarah Miller, OHA

822 views • 39 slides
LAS Links Online Administration Training 1 Coordinator and Proctor Training Agenda Training

LAS Links Online Administration Training 1 Coordinator and Proctor Training Agenda Training

LAS Links Online Administration Training 1 Coordinator and Proctor Training Agenda Training Part 1: Pretest activities (preparing to test) Training Part 2: Proctoring the test (student experience) Training Part 3: Post test

1.05k views • 85 slides
10:00am until 1:00pm University of Mount Olive Welcome and Overview Karen Salacki - Cultural

10:00am until 1:00pm University of Mount Olive Welcome and Overview Karen Salacki - Cultural

Eastpointe November 18, 2015 10:00am until 1:00pm University of Mount Olive Welcome and Overview Karen Salacki - Cultural Diversity News Eastpointe Provider Network Council Barry Dixon External Operations Updates Karen Salacki Member

1.37k views • 101 slides
CITY CYCLES UX PROJECT Key Takeaways, UX Solutions &amp; Proposed Next Steps By: Joy Fonderson

CITY CYCLES UX PROJECT Key Takeaways, UX Solutions &amp; Proposed Next Steps By: Joy Fonderson

CITY CYCLES UX PROJECT Key Takeaways, UX Solutions &amp; Proposed Next Steps By: Joy Fonderson AGENDA 1. INTRODUCTION 2. KEY TAKEAWAYS &amp; SOLUTIONS 3. PROPOSED NEXT STEPS 4. CONCLUSION INTRODUCTION About this UX project: City Cycles

390 views • 8 slides
875450 4K Presentation switch 7/2 User Manual 875450 4K Presentation switch 7/2 User Manual Thank

875450 4K Presentation switch 7/2 User Manual 875450 4K Presentation switch 7/2 User Manual Thank

875450 4K Presentation switch 7/2 User Manual 875450 4K Presentation switch 7/2 User Manual Thank you for purchasing this product. For optimum performance and safety, please read these instructions carefully before connecting, operating or

363 views • 20 slides

More recommend