Talk delivered by Chema Alonso and Juan Garrido "Silverhack" at Defcon 19 about new tricks for hacking Citrix and Terminal Services environments, using Excel (and other Office apps) to run commands on the server.
23. Playing the Piano. Too many shortcuts: Ctrl + h – Web History; Ctrl + n – New Web Browser; Shift + Left Click – New Web Browser; Ctrl + o – Internet Address; Ctrl + p – Print; Right Click (Shift + F10): Save Image As, View Source; F1 – Jump to URL…
24. Playing the Piano. Too, too, too many shortcuts: ALT GR + DEL = CTRL + ALT + DEL; CTRL + F1 = CTRL + ALT + DEL; CTRL + F3 = TASK MANAGER; StickyKeys
28. Minimum Exposure Paths: There are as many paths as published apps. Every app is a path that could lead to privilege elevation. Complex tools are better candidates. Excel is a complex tool.
36. Security Policies for Excel Macros: 1) Disable VBA - Secure, but it's not REAL Excel. 2) Security for macros - No macros - Signed macros - Case by case - All macros
41. Start the III World War: Find a bug in a DHS computer. Trust in your rogue CA. Generate an attacking URL in the CRL (attacking China, for example). Sign an Excel file with your rogue CA. Send a digitally-signed Excel file to someone relevant!
44. Solutions: Re-evaluate your Remote App connections. No alerts at all in Excel (and all the rest of the apps you publish). No trusted locations in user profiles. No shared remote users. Trust in nobody… Sorry, not even in nobody