46516
96
Zoom out
Zoom in
Previous page
1/100
Next page
Appendix C: Penetration Techniques
Appendix C: Penetration Techniques
96
Outpost Firewall Pro allows to control the following actions:
Components injection
Windows operating system by design enables installing system interceptors (hooks)
through which foreign code can be injected into other processes. Usually this technique is
used to perform common, legitimate actions, for example, switching the keyboard layout or
launching a PDF file within the web browser window. However, it can be likewise used by
malicious programs to embed malicious code and thus hijack the host application. An
example of leak test using such technique to stage a simulated attack is a PC Audit
program (
http://www.pcinternetpatrol.com/).
Outpost Firewall Pro controls the installation of a hook interceptor in a process's address
space. This is implemented via the interception of functions that are typically used by
malicious processes (Trojans, spyware, viruses, worms etc.) to implant their code into
legitimate processes (i.e. Internet Explorer or Firefox). The behavior of a DLL file
invoking such functions is considered suspicious and triggers legitimacy verification.
Control over another application
DDE technology is used to control applications. Most famous browsers are DDE servers
and can be used by malicious programs to transfer private information into the network.
One example of this technique is Surfer leak test
(
http://www.firewallleaktester.com/leaktest15.htm). ZABypass is another example of a
leak test using this method.
With Outpost Firewall Pro, every attempt to use the DDE intercommunication is monitored
with no exclusion, whether the process is open or not. DDE inter process communication
control enables Outpost Firewall Pro to control the methods used by applications to get
control over the legitimate processes. It prevents malware from hijacking the legitimate
program and checks whether such DDE-level interactivity is allowed to be performed upon
the network-enabled applications. In case such attempt is detected, it triggers legitimacy
verification.
Application window control
Windows allows applications to exchange window messages between processes. Malicious
processes can get control over other network-enabled applications sending them window
messages and imitating user input from keyboard and mouse clicks. The example of using
this technique is Breakout leaktest (
http://www.firewallleaktester.com/leaktest16.htm).
96


Need help? Post your question in this forum.

Forumrules


Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

For example, Anti-Semitic content, racist content, or material that could result in a violent physical act.

For example, a credit card number, a personal identification number, or an unlisted home address. Note that email addresses and full names are not considered private information.

Forumrules

To achieve meaningful questions, we apply the following rules:

Register

Register getting emails for Outpost Firewall Versie 4.0 at:


You will receive an email to register for one or both of the options.


Get your user manual by e-mail

Enter your email address to receive the manual of Outpost Firewall Versie 4.0 in the language / languages: English as an attachment in your email.

The manual is 2,59 mb in size.

 

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.



Info