-
Love for Microsoft Component Object Model, RPC and AMSI attack surface
TLDR AMSI The Component How to identify a component? Components that implement COM interfaces need to be registered under Computer\HKEY_CLASSES_ROOT\CLSID\{<GUID>} in the Windows Registry. This is a convenient way to locate the DLL/EXE components, so that APIs like CoCreateInstance() can go and fetch components by using GUID values from library, and instantiate the interface.…
-
I hate you COM – Pitfalls of COM object activation
Background This is not a Windows COM 101; readers are expected to have a decent understanding of COM and CLR hosting internals. The .NET unmanaged API is no stranger to offsec tool developers; it enables developers to tinker with managed processes and the CLR itself from within a native process (say C/C++). You can see the whole…