Malware development part 4

Introduction

This is the fourth post of a series on the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.

Read More

Malware development part 3

Introduction

This is the third post of a series on the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.

Read More

Malware development part 2

Introduction

This is the second post of a series on the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.

Read More

Malware development part 1

Introduction

This is the first post of a series on the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.

Read More

Abusing COM objects

Quick introduction

Component Object Model (COM) is a Windows binary interface standard for software components; it lets code in one module or process call into objects implemented in another. Communication takes the form of a client-server interaction: a client obtains an interface pointer to a COM object (the server) and calls the methods that interface exposes.
Applications can implement a COM interface in multiple ways; the bottom line is that the compiled object must expose methods for other processes to call. Such methods can be used for anything. For example, MS Office applications expose interfaces (APIs) for document creation, manipulation and so on, and the same interfaces are available to any code that can instantiate the object.
A COM class is identified by its CLSID (a GUID stored under HKCR\CLSID) or by a human-readable ProgID such as Word.Application, which the registry maps to the CLSID. A COM object is an instance of a specific COM class.
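The lookup described above, as an added example that is not part of the original post: it resolves a COM class by either identifier, shows which server binary the registry maps it to (the detail a defender inspects when hunting for hijacked or abused classes), then instantiates the class both by ProgID and by CLSID and calls a method through the resulting interface. It assumes a Windows host with the built-in Shell.Application class; the helper name Get-ComClassInfo is this example's own.

```powershell
# Added example (not from the original post). Assumes Windows and the
# built-in Shell.Application class; run from a 64-bit PowerShell session.

function Get-ComClassInfo {
    param(
        [Parameter(Mandatory)] [string] $ProgIdOrClsid
    )
    # Accept either form: a ProgID like "Word.Application" or a CLSID like "{xxxxxxxx-...}".
    if ($ProgIdOrClsid -match '^\{[0-9A-Fa-f-]{36}\}$') {
        $clsid = $ProgIdOrClsid
    } else {
        # HKCR\<ProgID>\CLSID holds the class ID the ProgID maps to.
        $clsid = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$ProgIdOrClsid\CLSID" -ErrorAction Stop).'(default)'
    }
    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    # InprocServer32 = DLL loaded into the caller; LocalServer32 = separate EXE process.
    [pscustomobject][ordered]@{
        Clsid        = $clsid
        ProgId       = (Get-ItemProperty -Path "$base\ProgID"         -ErrorAction SilentlyContinue).'(default)'
        InprocServer = (Get-ItemProperty -Path "$base\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        LocalServer  = (Get-ItemProperty -Path "$base\LocalServer32"  -ErrorAction SilentlyContinue).'(default)'
    }
}

# Resolve the class starting from its ProgID.
$info = Get-ComClassInfo -ProgIdOrClsid 'Shell.Application'
$info | Format-List

# Instantiate by ProgID ...
$shellByName  = New-Object -ComObject 'Shell.Application'
# ... and by CLSID. Both calls return an object exposing the same IShellDispatch methods.
$shellByClsid = [Activator]::CreateInstance([type]::GetTypeFromCLSID($info.Clsid))

# Act as the client: call methods the server object exposes.
$shellByName.NameSpace(0x24).Self.Path   # 0x24 = ssfWINDOWS, the Windows directory
$shellByClsid.Windows().Count            # number of open Explorer windows
```

Whichever identifier the client starts from, the object that comes back is the same class, so the CLSID-to-server mapping in HKCR\CLSID is the authoritative place to check what code actually runs when a ProgID is instantiated.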

Read More