Monthly Archives: January 2012

Genesis – Generic Rootkit Dropper with SSL Support

Quick update to add SSL support to Genesis, my (very) generic rootkit dropper which you can download at http://leetsys.com/programs/genesis/genesis-ssl.zip.  This allows us to download our rootkit over an encrypted tunnel.  Genesis still uses the curl library, however I chose not to compile it statically in this case.  If you wanted to compile this statically you’d have […]

Insider Rogue Certification Authority Attack

Overview The fundamental issue with SSL is that of trust.  Despite all the effort that has gone into a robust and cryptographically secure design for SSL, its foundation is still easily abused.  In this paper I will explain an often-overlooked area of SSL exploitation.  That is the ability for any certificate to act as a […]

Capturing Windows 7 Credentials at Logon Using Custom Credential Provider

For the Eternally Impatient The quick lowdown: I wrote a DLL capable of logging the credentials entered at logon for Windows Vista, 7 and future versions which you can download at http://www.leetsys.com/programs/credentialprovider/cp.zip.  The credentials are logged to a file located at c:\cplog.txt.  Simply copy the dll to the system32 directory and run the included register.reg […]