Pentesting Against Secure Desktop Applications presented at YouShotTheSheriff 2014

by Marcio Almeida Macedo

Summary: The Secure Desktop is a feature of the Windows API that creates a separate desktop in which to run programs/processes, so that processes and programs running on other desktops cannot capture either the screen or the keys typed on this desktop.

Main difference: The Secure Desktop differs from the user's desktop in that only trusted processes running as SYSTEM are allowed to run there (i.e., nothing runs at the user's privilege level), and the path from the user's desktop to the Secure Desktop must also be trusted throughout the process chain.

Because of this main feature, many applications are developed to use a secure desktop in an attempt to keep malware from interacting with them. But, as with almost everything, a secure desktop that is not well implemented can provide a false sense of security: even if the application is running on a secure desktop, an attacker can use some tricks to "escape the sandbox" provided by the secure desktop and run remote programs/processes on that application's secure desktop, which lets the attacker interact with the program running there.

The main objective of this lecture is to present some real-world examples of secure desktop use and to show how to log typed keys and capture the screen on secure desktops, bypassing the main feature of the Windows Secure Desktop.