DEMO Process Explorer icacls Microsoft Developer Tour MSDev

  • Slides: 55

DEMO: Integrity control. Process Explorer + icacls. Microsoft Developer Tour #MSDevTour

Where are Windows Store Apps stored? § C:\Program Files\WindowsApps § Default file owner: TrustedInstaller

WSA Location + user name: C:\Program Files\WindowsApps

DEMO: AppContainer and Low Integrity Level. Process Explorer + Broker

Found a zero-day?

| Mitigation | Windows XP / Internet Explorer 8 | Windows 8 / Internet Explorer 10 |
|---|---|---|
| SEHOP | No | Yes |
| Protected Mode | No | Yes |
| Enhanced Protected Mode (EPM) | No | Yes |
| Virtual Table Guard | No | Yes |
| ASLR | Limited | Extended |
| Stack randomization | No | Yes |
| Heap randomization | No | Yes |
| Image randomization | No | Yes |
| Force image randomization | No | Yes |
| Bottom-up randomization | No | Yes |
| Top-down randomization | No | Yes |
| High-entropy randomization | No | Yes |
| PEB/TEB randomization | Yes | Yes |
| Heap hardening | Limited | Extended |
| Header encoding | No | Yes |
| Terminate on corruption | No | Yes |
| Guard pages | No | Yes |
| Allocation randomization | No | Yes |
| Safe unlinking | Yes | Yes |
| Header checksum | Yes | Yes |
| /GS | Yes | Yes |
| Enhanced GS | No | Yes |
| Safe SEH | Yes | Yes |

DEMO: EMET. Microsoft Developer Tour #MSDevTour

Tip 5: Do not let web content work with WinRT. http://code.msdn.microsoft.com/windowsapps/MashupSample-10689f5b

Tip 6: Authenticate the application and the user. http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122 http://code.msdn.microsoft.com/windowsapps/PasswordVault-f01be74a

WSA: working with a desktop application. Don't do this! WinClipboard – copy, paste, cut, move. 3.1 Requirement: “Your app may only depend on software listed in the Windows Store”. => DON’T use file or protocol association. § http://iinspectable.wordpress.com/2013/03/08/inter-process-communication-with-file-association-in-winrt-part-2/

Recommended tools: WACK - Windows App Certification Kit version 3.1

Windows App Certification Kit


Wintellect Tool § Wintellect Tool - http://wintellect.com/

Where to learn? § www.microsoft.com/sdl § www.Secunia.org § The Simplified Implementation of the SDL § SDL blog § MSDN Windows 8 developer blog

Where to learn?
§ [HOLMES 2010]. Holmes, Graham. (2010, April 05). Cisco CSDL Announcement – http://blogs.cisco.com/security/the_cisco_secure_development_lifecycle_an_overview/
§ [LANE 2010]. Lane, Adrian. (2010, May 10). FireStarter: Secure Development Lifecycle – You’re Doing It Wrong. Securosis. Retrieved December 29 2010, from http://securosis.com/blog/firestarter-secure-development-lifecycle-your-doing-it-wrong
§ [LADD 2010]. Ladd, David. (2010, May 11). “Do what Microsoft did, not what they do”. Retrieved December 29 2010, from http://blogs.msdn.com/b/sdl/archive/2010/05/11/do-what-microsoft-did-not-what-they-do.aspx
§ [LARSON_LADD 2010]. Larson, Larry. Ladd, David. (2010, May 14). Security Talk: Simplified SDL with David Ladd. Channel 9. Retrieved December 29 2010, from http://channel9.msdn.com/Blogs/LarryLarsen/Security-Talk-Simplified-SDL-with-David-Ladd

Contacts: Andrey Beshkov {Microsoft, CSS Security} abeshkov@microsoft.com; @abeshkov; Beshkov's blog