Roll-up

One of the things I love about the industry is that it’s like fashion…given enough time, the style that came and went comes back around again. Much like the fashion industry, we see things time and again…just wait.

A good example of this is the finger application. I first encountered finger toward the end of 1994, during my first 6 months in grad school. I was doing some extracurricular research, and came across a reference to finger as making systems vulnerable, but it wasn’t clear why. I asked the senior sysadmin in our department; they looked at me, smiled, and walked away.

Jump forward about 29 years to just recently, and I saw finger.exe, on a Windows system, used for data exfiltration. John Page/hyp3rlinx wrote an advisory (published 2020-09-11) describing how to do this, and yes, from the client side, what I saw looked like it was taken directly from John’s advisory.
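From the responder's side, the practical question is how to spot finger.exe being used this way in endpoint telemetry. The following is an added example, written for this page and not taken from the original post or from the hyp3rlinx advisory: it parses a handful of constructed, simplified Sysmon-style records (EventID 1 process creation, EventID 3 network connection) and flags finger.exe invocations whose `user@host` argument, or whose outbound TCP/79 connection, points at a host outside an assumed set of internal networks and name suffixes. The key=value record format, the sample records, the internal-network list and the `.local`/`.corp`/`.internal` suffixes are all assumptions made for the example.

```python
"""Added example (not from the original post or the hyp3rlinx advisory):
flag finger.exe use in constructed Sysmon-style records.

Assumptions (mine, not the post's): records are simplified key=value lines;
finger.exe takes a 'user@host' argument and connects outbound on TCP/79;
a finger query to a host outside the local network is worth a look.
"""
import ipaddress
import re

# Constructed sample records in a simplified Sysmon-like key=value form.
# EventID 1 = process creation, EventID 3 = network connection.
SAMPLE_LOG = """\
EventID=1 Image=C:\\Windows\\System32\\finger.exe CommandLine="finger.exe svc@203.0.113.10" ParentImage=C:\\Windows\\System32\\cmd.exe
EventID=3 Image=C:\\Windows\\System32\\finger.exe DestinationIp=203.0.113.10 DestinationPort=79
EventID=1 Image=C:\\Windows\\System32\\finger.exe CommandLine="finger.exe bob@fs01.corp.local" ParentImage=C:\\Windows\\explorer.exe
EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe notes.txt" ParentImage=C:\\Windows\\explorer.exe
EventID=3 Image=C:\\Windows\\System32\\finger.exe DestinationIp=10.0.0.5 DestinationPort=79
"""

# key=value pairs; a value may be a double-quoted string containing spaces.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Assumed "internal" address space: RFC 1918 plus loopback and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]
# Assumed internal DNS suffixes for this example's environment.
INTERNAL_NAME_SUFFIXES = (".local", ".corp", ".internal")


def parse_record(line):
    """Turn one key=value record into a dict, unquoting quoted values."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return fields


def is_internal_host(host):
    """True for RFC 1918/loopback/link-local IPs or assumed internal names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat bare names and known suffixes as internal.
        return host.lower().endswith(INTERNAL_NAME_SUFFIXES) or "." not in host
    return any(ip in net for net in INTERNAL_NETS)


def finger_target(cmdline):
    """Extract the host from a 'finger [user]@host' command line, or None."""
    m = re.search(r'\S*@(\S+)', cmdline)
    return m.group(1) if m else None


def detect(log_text):
    """Return (kind, remote_host, parent_image) tuples for suspicious finger.exe use."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        image = rec.get("Image", "").lower()
        if not image.endswith("\\finger.exe"):
            continue
        if rec.get("EventID") == "1":
            host = finger_target(rec.get("CommandLine", ""))
            if host and not is_internal_host(host):
                alerts.append(("process", host, rec.get("ParentImage")))
        elif rec.get("EventID") == "3":
            ip = rec.get("DestinationIp", "")
            if rec.get("DestinationPort") == "79" and not is_internal_host(ip):
                alerts.append(("network", ip, None))
    return alerts


if __name__ == "__main__":
    for kind, host, parent in detect(SAMPLE_LOG):
        print(f"{kind}: finger.exe -> {host}" + (f" (parent {parent})" if parent else ""))
```

Two caveats a responder should keep in mind: matching on the image path alone misses a copied or renamed finger.exe, so real telemetry should also key on the PE's original file name, and the process record's parent (cmd.exe, a script host, an Office application) usually says more about intent than the finger query itself.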

What this means to us is that the things we learn may feel like they fade with time, but wait long enough, and you’ll see them, or some variation, again. I’ve seen this happen with ADSs; more recently, the specific MotW variations have taken precedence. I’ve also seen it happen with shell items (i.e., the “building blocks” of LNK files, JumpLists, and shellbags), as well as with the OLE file format. You may think, “…man, I spent al


This article has been indexed from Windows Incident Response
