Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Hi @Andy Ful
I want to know if there is a way to export the rules you write as whitelisted for firewall hardening to some readable format (text or HTML format).
I am curious about these rules :):)
Not in H_C. But, you can export the SRP Registry key:
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
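As an added example (not code from H_C or from anyone in this thread), the PowerShell below reads the SRP path rules from that key on the local machine and writes them out as text, CSV and HTML. It assumes the standard SRP key layout described in the comments; reading HKLM does not need elevation.

```powershell
# Added example (not part of H_C): read the SRP path rules that H_C writes under
# HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers and print them as text.
# Each rule is a GUID-named subkey under <level>\Paths holding ItemData (the path),
# SaferFlags and Description. Level 262144 = Unrestricted (whitelist), 0 = Disallowed.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

# DefaultLevel applies to anything no rule matches; ExecutableTypes lists the
# file extensions SRP treats as executable.
$cfg = Get-ItemProperty -Path $base -ErrorAction Stop
"DefaultLevel    : $($levelNames[[int]$cfg.DefaultLevel])"
"ExecutableTypes : $($cfg.ExecutableTypes -join ' ')"

$rules = foreach ($levelKey in Get-ChildItem -Path $base) {
    $level = [int]$levelKey.PSChildName
    $pathsKey = Join-Path $levelKey.PSPath 'Paths'
    if (-not (Test-Path $pathsKey)) { continue }      # level has no path rules
    foreach ($rule in Get-ChildItem -Path $pathsKey) {
        $p = Get-ItemProperty -Path $rule.PSPath
        [pscustomobject]@{
            Level       = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { "$level" }
            Path        = $p.ItemData
            Description = $p.Description
            SaferFlags  = $p.SaferFlags
            RuleId      = $rule.PSChildName
        }
    }
}

# Readable on screen, plus CSV and HTML copies on the Desktop (constructed output paths).
$rules | Sort-Object Level, Path | Format-Table Level, Path, Description -AutoSize
$rules | Export-Csv -Path "$env:USERPROFILE\Desktop\srp_rules.csv" -NoTypeInformation
$rules | ConvertTo-Html -Title 'SRP rules' | Set-Content "$env:USERPROFILE\Desktop\srp_rules.html"
```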
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
Not in H_C. But, you can export the SRP Registry key:
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
So there is no method to export it in a readable format?
I want to know the rules (basic Windows functionality processes and required ports) you allowed when you hardcoded these rules; however, thanks for your reply.
Did you create the rules by experience, or do you have some documentation about these processes 🤔🤔😃😃?? I know that the question is about know-how; however, I am interested.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
I mean the internal PDF feature, not external plugins. In Firefox that was isolated, so i guess it's in Chromium-Edge too and even better?
This internal feature can be exploited similarly to a plugin. The PDF document opened by Edge can exploit the Edge process and Edge has access to the Internet.
If you will open the PDF document in PDF Reader (AppContainer), then exploiting the app is far less probable and you can block the Internet access.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
So there is no method to export it in a readable format?
On the contrary, it is very readable just like any txt file.
...
Did you create the rules by experience, or do you have some documentation about these processes 🤔🤔😃😃??
Both. You can read examples of using SRP rules in H_C documentation:
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
On the contrary, it is very readable just like any txt file.
...
Did you create the rules by experience, or do you have some documentation about these processes 🤔🤔😃😃??
Both. You can read examples of using SRP rules in H_C documentation:
Thanks a lot @Andy Ful for your patience in replying to my questions; I just love to learn. I am learning web development through Udemy (hope I complete the whole course).
Also, is it open source?? In which language did you write it :) :) ?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
...
In which language did you write it :) :) ?
A few years ago H_C was intended to be a simple working GUI, so I chose AutoIt to build it. If I had known that H_C would become as complex as it is today, I would have chosen another language.
But, in this way, I learned AutoIt, which was completely new to me. :)
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
A few years ago H_C was intended to be a simple working GUI, so I chose AutoIt to build it. If I had known that H_C would become as complex as it is today, I would have chosen another language.
But, in this way, I learned AutoIt, which was completely new to me. :)
That is the main requirement of any developer: to be adaptable to learning and never stuck on a certain language or framework.
My dream is to work as a developer; however, I want to participate with a team.
I learned many languages and got stuck at OOP as I lost motivation. I want to build projects with a team, push code and learn a version control system.
I learned Python, C, C++ but got stuck at the same point.
I want to create a tool that has good output. I plan to learn algorithms, but it will require time. I chose web development to have an output that helps me step ahead.
However, this is difficult as I do that beside my main job (electrical engineer).
 

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,157
This internal feature can be exploited similarly to a plugin. The PDF document opened by Edge can exploit the Edge process and Edge has access to the Internet.
If you will open the PDF document in PDF Reader (AppContainer), then exploiting the app is far less probable and you can block the Internet access.

Thanks for this. Downloaded Adobe Acrobat DC Reader. Though tempted by Foxit as well.
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
This internal feature can be exploited similarly to a plugin. The PDF document opened by Edge can exploit the Edge process and Edge has access to the Internet.
If you will open the PDF document in PDF Reader (AppContainer), then exploiting the app is far less probable and you can block the Internet access.

If the malicious PDF opens the browser, it still gets internet access.
Two old analyses by Didier Stevens regarding PDFs:



Although the Shell Extensions problem will be obsolete today, I have to admit that it has stayed with me.
I think it is interesting for young MT users to read.;)

Good night my friend.
 

ForgottenSeer 85179

If the malicious PDF opens the browser, it still gets internet access.
Two old analyses by Didier Stevens regarding PDFs:



Although the Shell Extensions problem will be obsolete today, I have to admit that it has stayed with me.
I think it is interesting for young MT users to read.;)

Good night my friend.
These posts are from 2008/2009.
I don't think that this works nowadays with restrictions like AppContainer.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
If the malicious PDF opens the browser, it still gets internet access.
...
If the malicious PDF can exploit the reader and run something, then there are several ways to get Internet access. You do not need the web browser for that.
If one does not want to open URLs embedded in the document and the Reader does not alert opening the URLs, then Exploit Protection can be used to block child processes.
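The Exploit Protection setting mentioned above, as an added example that is not from the post or from H_C: this PowerShell turns on the child-process block for a PDF reader and verifies it. It assumes the reader's image name is AcroRd32.exe (Adobe Reader DC); substitute your reader's executable, and run it from an elevated PowerShell on Windows 10 1709 or later.

```powershell
# Added example (not H_C code): use Windows Exploit Protection to stop a PDF reader
# from spawning child processes, so an embedded URL or script in a document cannot
# launch a browser or a script host from the reader process.
# Assumption: the reader binary is AcroRd32.exe; change it for Foxit or another reader.
$reader = 'AcroRd32.exe'

# Apply the per-process mitigation (persisted by Windows under Image File Execution Options).
Set-ProcessMitigation -Name $reader -Enable DisallowChildProcessCreation

# Verify: the ChildProcess entry should now show DisallowChildProcessCreation as ON.
(Get-ProcessMitigation -Name $reader).ChildProcess

# Export the whole Exploit Protection configuration as XML (the same format the
# Windows Security app imports), so the setting can be reviewed or applied elsewhere.
Get-ProcessMitigation -RegistryConfigFilePath "$env:USERPROFILE\Desktop\exploit-protection.xml"

# To undo, if a legitimate workflow really needs the reader to start other programs:
# Set-ProcessMitigation -Name $reader -Disable DisallowChildProcessCreation
```

Expect blocked launches to fail silently from the user's point of view, so test with a harmless document that opens a link before relying on it.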
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
If the malicious PDF can exploit the reader and run something, then there are several ways to get Internet access. You do not need the web browser for that.

It could abuse a legit process, for example one of the reader's services which request Internet access, such as update services or crash reporting services.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
It could abuse a legit process, for example one of the reader's services which request Internet access, such as update services or crash reporting services.
This is possible but would require high privileges. It is much easier to use a simple script to download/execute something malicious with standard rights. Obtaining high privileges by an exploit is not so common.
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
This is possible but would require high privileges. It is much easier to use a simple script to download/execute something malicious with standard rights. Obtaining high privileges by an exploit is not so common.
But if the abused process has administrative privileges, would that not be possible? Almost all software requires administrative rights during installation, and this gives their services the same rights (which include modifying firewall rules)??
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
But if the abused process has administrative privileges, would that not be possible? Almost all software requires administrative rights during installation, and this gives their services the same rights (which include modifying firewall rules)??
Usually, the exploit can run something with standard privileges. The process running with standard privileges cannot abuse something running with high privileges, except when another exploit is used to elevate the malicious process. Abusing the services is often used to hide the malicious process which already could do malicious actions.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Thanks for this. Downloaded Adobe Acrobat DC Reader. Though tempted by Foxit as well.
I am not sure if Adobe Reader DC (it is not the UWP app in AppContainer) can be safer than Foxit Reader. The first has a much bigger attack surface, even if you use the AppContainer setting for Adobe Reader DC. Did you try Foxit MobilePDF?
 
