Presented at DEF CON 32 (2024), Aug. 10, 2024, 11:30 a.m. (45 minutes).
In February 2024, Microsoft announced the release of Sudo for Windows in the Windows 11 Insider Preview[1]. Like the Unix sudo utility, it provides a way for users to run commands with elevated permissions. This talk will share the results of an analysis of Sudo for Windows, starting with a summary of the information Microsoft has published. From there, we will explore the architecture used to coordinate elevation of the requested process, the ALPC service used to communicate between the elevated and non-elevated processes, how Rust interoperates with Windows APIs, and the path resolution process for files and relative paths. Along the way, we will discuss a few security issues discovered during the analysis.
This presentation will be valuable to anyone with an interest in Windows reverse engineering or Rust memory safety. A conceptual understanding of Windows Inter-Process Communication (IPC) and heap allocation may make parts of the talk more approachable, but the main ideas will be accessible to anyone with a high-level understanding of process memory layout (stack vs heap).
References:
1. [Introducing Sudo for Windows (Windows Command Line blog)](https://devblogs.microsoft.com/commandline/introducing-sudo-for-windows/)
2. [Sudo for Windows documentation (Microsoft Learn)](https://learn.microsoft.com/en-us/windows/sudo/)
3. [microsoft/sudo on GitHub](https://github.com/microsoft/sudo)
4. [Sudo on Windows: a quick rundown (tiraniddo.dev)](https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html)
5. [NtObjectManager 2.0.1 on the PowerShell Gallery](https://www.powershellgallery.com/packages/NtObjectManager/2.0.1)
6. [microsoft/windows-rs on GitHub](https://github.com/microsoft/windows-rs)
7. [rust-lang/rust on GitHub](https://github.com/rust-lang/rust)
Presenters:
- Michael "mtu" Torres, Senior Security Engineer, Network Infrastructure Security at Google
mtu, otherwise known as Michael Torres, is a Senior Security Engineer in the Network Infrastructure Security team at Google, where his primary focus is on Operational Technology systems. Michael is also a Staff Sergeant in the United States Marine Corps Reserve, where he has been responsible for planning and conducting both offensive and defensive cyber operations. He is passionate about sharing knowledge to benefit others, and is an active volunteer for VetSec (veteransec.org), a charity focused on helping military veterans have successful careers in cybersecurity.