Core Security
Shmoocon 2010

Title: Windows File Pseudonyms
Speaker: Dan Crowley
Date: February 5, 2010
Location: Washington, DC
Link to event: http://www.shmoocon.org/

Overview:
In Windows systems, path and filename normalization routines have some interesting quirks. One file can be referred to by many different file paths and names, some well known and some not so well known. The lesser-known ways to refer to files are not often considered when designing security mechanisms. By referring to files in these strange ways, one can, in many circumstances, cause unexpected behavior in systems which do not account for these aliases. These quirks can be used to bypass filters and access control mechanisms, evade IDS detection, reduce entropy when attempting to enumerate filenames by brute force, and alter the way that files are handled and processed. In this paper, four different quirks of Windows files and paths will be discussed: 8.3 aliases; characters which, when appended to file names, are completely ignored; DOS special devices and their individual quirks; and namespace prefixes.
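A defensive check for the four alias classes named in the overview, added here as an illustration and not taken from the talk or paper. The function name `alias_findings` is hypothetical, and the concrete rules (trailing dots and spaces, the reserved device list, the `\\?\` and `\\.\` prefixes) are assumptions drawn from Microsoft's file-naming documentation rather than from this abstract.

```python
import re

# Win32 reserved device names, matched case-insensitively and
# regardless of any extension (NUL.txt still refers to the device).
RESERVED_DEVICES = {"CON", "PRN", "AUX", "NUL",
                    *(f"COM{i}" for i in range(1, 10)),
                    *(f"LPT{i}" for i in range(1, 10))}
# Namespace prefixes \\?\ and \\.\ (either slash direction).
NAMESPACE_PREFIX = re.compile(r"^[\\/]{2}[?.][\\/]")
# Shape of an auto-generated 8.3 short name, e.g. PROGRA~1 or SECRET~1.TXT.
# This is a heuristic: a long name may legitimately have this shape.
SHORT_NAME = re.compile(r"^[^.]{1,6}~\d+(\.[^.]{0,3})?$")


def alias_findings(path):
    """Return (kind, component) pairs for each way a user-supplied
    path could be a pseudonym for a different file name."""
    findings = []
    if NAMESPACE_PREFIX.match(path):
        findings.append(("namespace prefix", path[:4]))
        path = path[4:]
    for part in re.split(r"[\\/]+", path):
        if part in ("", ".", ".."):
            continue  # traversal is a separate check, out of scope here
        trimmed = part.rstrip(". ")
        if trimmed != part:
            # Win32 path normalization drops these trailing characters.
            findings.append(("trailing dot/space", part))
        stem = trimmed.split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED_DEVICES:
            findings.append(("reserved device", part))
        if SHORT_NAME.match(trimmed):
            findings.append(("8.3 short name", part))
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the talk.
    for sample in ["uploads/report.pdf", "uploads\\page.asp. ",
                   "logs/nul.txt", "\\\\?\\C:\\data\\SECRET~1.TXT"]:
        print(repr(sample), "->", alias_findings(sample) or "clean")
```

A filter that rejects any path with findings before applying extension or allow-list rules compares names in the same form the file system will resolve.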
