Tricks To Bypass Device Control Protection Solutions

Advertisement

Preface

As I wrote in a previous blog post, I had an engagement last year where my task was to exfiltrate data from a workstation on some sort of storage media. The twist in that task was Lumension Sanctuary Device Control, and the version was 4.3.2, but I am not sure how newer version work and this seems to be a more general problem with device control solution, for example with Symantec products.

But what is a device control solution? In short, they audit I/O device use and block the attempts to use unauthorized devices. This includes hardware such as USB, PS/2, FireWire, CD/DVD so basically every I/O port of a computer. In my opinion, these are pretty good things and they offer a better looking solution than de-soldering the I/O ports from the motherboards or hot-gluing them, but on the other hand, they can be bypassed.

Bypass

OK, so what is the problem? Well the way these device control solutions work is that they load a few kernel drivers to monitor the physical ports of the machine. However... when you boot up the protected computer in safe mode, depending on the device control solution software, some of these drivers are not loaded (or if you are lucky, none of those modules will be loaded...) and this opens up the possibility to exfiltrate data.

In theory, if you have admin (SYSTEM maybe?) privileges, you might as well try to unload the kernel drivers. Just do not forget, that these device control solutions also have a watchdog process, that checks the driver and automatically loads it back if it is unloaded, so look for that process and stop or suspend it first.

In my case with the Lumension Sanctuary Device Control, I have found that when I boot the Workstation protected by the device control software in Safe Mode where, software's key logger protection module is not running... so I was still unable to use a USB stick, or a storage media, but I could plug in a keyboard for example...hmmm :)

As some of you probably already figured it out, now it is possible to use a pre-programmed USB HID, for example a Teensy! : ) I know about three different project, that uses this trick like these two mentioned in a Hackaday post, or this one. Unfortunately, the site ob-security.info no longer seems to be available (well, at least it is no longer related to infosec :D ), but you can still find the blog post and the files with the Wayback Machine.

For the hardware part, the wiring of the Teensy and the SD card adaptor is the same as I showed in the post on Making a USB flash drive HW Trojan or in the Binary deployment with VBScript, PowerShell or .Net csc.exe compiler post, so I will not copy it here again.

I have to note here that there are other ways to bypass these device control solutions, like the method what Dr. Phil Polstra did with the USB Impersonator, which is basically looks for an authorized device VID/PID and then  impersonates that devices with the VID/PID.

Mitigation

Most probably, you will not need safe mode for the users, so you can just disable it... I mean, it is not that easy, but luckily there is a great blog post on how to do that. BTW, the first page of the post is for Windows XP, but you are not using XP anymore, aren't you? ;)

Alternatively, as I mentioned at the beginning, you might as well use some physical countermeasure (de-soldering/hot-gluing ports). That shit is ugly, but it kinda works.

Conclusion

Next time you will face a device control solution, try out these tricks, maybe they will work, and if they do, well, that's a lot of fun. :)

But don't get me wrong, these device control solutions and similar countermeasures are a good thing and you should use something like this! I know that they make doing business a bit harder as you are not able to plugin whatever USB stick you want, but if you buy a pile of hardware encrypted flash drives, and only allow  those to be plugged in, you are doing it right ;)

Continue reading

  1. Pentest Tools Nmap
  2. Pentest Tools For Windows
  3. Tools For Hacker
  4. Hacking Apps
  5. Hacker Tools For Pc
  6. Pentest Tools Android
  7. Physical Pentest Tools
  8. Hacking Apps
  9. Hacking Tools Free Download
  10. Hack And Tools
  11. Hack Tool Apk
  12. Hacking Tools
  13. Hacker Tools Free
  14. Pentest Tools For Mac
  15. Pentest Tools List
  16. Hacker Tools Windows
  17. Hacking Tools For Kali Linux
  18. Hacking Tools For Games
  19. Hacker Tools Free Download
  20. Hack Tools
  21. Hacker Tools Linux
  22. Hacker Tools Apk Download
  23. Hacks And Tools
  24. Pentest Tools Subdomain
  25. Best Hacking Tools 2019
  26. Github Hacking Tools
  27. Hack Tools For Mac
  28. Black Hat Hacker Tools
  29. Hacker Tools Github
  30. Hacking Tools Download
  31. How To Install Pentest Tools In Ubuntu
  32. Hacker Tools Free Download
  33. Pentest Tools Url Fuzzer
  34. Hack Tool Apk No Root
  35. Hacker Tools Github
  36. New Hacker Tools
  37. Hacker Tools 2019
  38. Best Hacking Tools 2019
  39. Hacker Tools Online
  40. Hacking Tools Windows 10
  41. Computer Hacker
  42. Hacker Tools For Mac
  43. Pentest Tools For Windows
  44. Top Pentest Tools
  45. Pentest Tools List
  46. Hacking Tools For Kali Linux
  47. Pentest Tools Alternative
  48. Hacker
  49. Pentest Tools Nmap
  50. Hacker Tools Apk
  51. Install Pentest Tools Ubuntu
  52. Hacking Tools Hardware
  53. Hacker Tools Free Download
  54. Hacking Tools Hardware
  55. Hack Tools Download
  56. Pentest Tools Tcp Port Scanner
  57. Nsa Hack Tools
  58. Hack Tools Pc
  59. Hacker Tools List
  60. Hacking App
  61. Hacking Tools Mac
  62. Pentest Tools For Android
  63. Hacker Tools Github
  64. Hacker Tools Github
  65. Pentest Tools Subdomain
  66. Hacking Tools Download
  67. Hacker Tools Github
  68. Game Hacking
  69. Pentest Tools Bluekeep
  70. Hacks And Tools
  71. Hacker Tools Hardware
  72. Hacker Tools For Mac
  73. Hack And Tools
  74. Pentest Tools Android
  75. Hacker Tools Free
  76. Pentest Automation Tools
  77. Tools Used For Hacking
  78. Hak5 Tools
  79. World No 1 Hacker Software
  80. Pentest Tools For Android
  81. Nsa Hack Tools Download
  82. Hack App
  83. Bluetooth Hacking Tools Kali
  84. Hack Rom Tools
  85. Github Hacking Tools
  86. Pentest Tools Nmap
  87. Hacking Tools Windows
  88. Tools For Hacker
  89. Pentest Tools Apk
  90. Hacker Tools Online
  91. Hacking Tools For Pc
  92. Hacking Tools Mac
  93. Bluetooth Hacking Tools Kali
  94. Pentest Tools Port Scanner
  95. Hacking Tools Pc
  96. Hack Tools For Ubuntu
  97. Hack And Tools
  98. Pentest Tools
  99. Hacking Tools For Pc
  100. Pentest Tools Kali Linux
  101. Tools For Hacker
  102. Kik Hack Tools
  103. New Hacker Tools
  104. Hacker Tools List
  105. Hack Tools Download
  106. Hacker Tools For Mac
  107. Hacker Tools
  108. Hacking Tools
  109. Hack Tool Apk No Root
  110. Hack Tools
  111. Pentest Tools Free
  112. Hacker Tools 2020
  113. Hack Website Online Tool
  114. Hacking Tools
  115. Hacking Tools Free Download
  116. Best Hacking Tools 2019
  117. Nsa Hack Tools
  118. Hacker Search Tools
  119. Hacking Tools Download
  120. Hacking Tools Pc
  121. Pentest Tools Website Vulnerability
  122. Hacking App
  123. Pentest Tools Nmap
  124. Black Hat Hacker Tools
  125. Underground Hacker Sites
  126. Hacker Tools 2019
  127. Pentest Tools For Ubuntu
  128. Hackers Toolbox

Arsip Blog

Copyright © 2009 - - Kiamat | Coin Free Faucet Claim | Firebug Theme by Blog Oh! Blog | Converted to Blogger Template by ThemeLib.com | Jasa Promosi Online - Tukar Link Gratis