Fooling Windows through Superfetch

Date: 26.02.2021. Author: CISOCLUB. Categories: Information security podcasts and videos

Have you ever tried to hide your traces after doing some obscure stuff on a computer? We usually think about cleaning histories, leftover files, the event log, the DNS cache and registry keys, but have you ever thought about Superfetch?
This is a Windows service whose purpose is to speed up the user experience. Superfetch analyzes the user's software usage so that it can pre-launch a process the next time the user is likely to need it. It also covers the files the program uses, such as text documents, photos and movies. In concrete terms, the service tracks every activity on the OS and records traces into files with a ".pf" extension, called scenarios. Whenever Superfetch wants to predict which program might be launched, it consults its prefetch files, computes probabilities and then tries to anticipate the user's decisions. This constitutes a forensic gold mine for any governmental service or any malicious person, and it raises a very serious privacy issue.
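To make the "forensic gold mine" concrete, here is an added example (not code from the talk or its authors) that parses the header of the .pf files Windows writes under %SystemRoot%\Prefetch: the executable name, the 32-bit hash of its path that forms the file name, the last run times and the run counter, which is exactly the evidence an investigator reads and an anti-forensic tool would want to alter. The field offsets follow the documented SCCA layout for header versions 17 (XP), 23 (Vista/7) and 26 (8.1); treating version 30 (Windows 10) like version 26 is an assumption that holds for most but not all builds. Windows 10 prefetch files are additionally XPRESS-Huffman compressed ("MAM" magic); the parser detects that and refuses rather than guessing. The sample bytes, the executable names and the hash constant are constructed fixtures, not data from any real system.

```python
"""Minimal parser for Windows Prefetch (.pf) scenario headers (added example)."""
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

PREFETCH_SIGNATURE = b"SCCA"
MAM_MAGIC = b"MAM\x04"           # Windows 10+ files are XPRESS-Huffman compressed
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Per-version offsets of the last-run FILETIME array and the run counter.
# The v30 entry is an assumption: some Windows 10 builds shift the counter.
LAYOUTS = {
    17: {"last_run": 0x78, "slots": 1, "run_count": 0x90},
    23: {"last_run": 0x80, "slots": 1, "run_count": 0x98},
    26: {"last_run": 0x80, "slots": 8, "run_count": 0xD0},
    30: {"last_run": 0x80, "slots": 8, "run_count": 0xD0},
}


def filetime_to_datetime(filetime):
    """FILETIME is a count of 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def is_compressed(data):
    """True for the compressed container Windows 10 wraps .pf files in."""
    return data[:4] == MAM_MAGIC


def parse_prefetch(data):
    """Return the header fields of one uncompressed .pf file as a dict."""
    if is_compressed(data):
        raise ValueError("MAM-compressed prefetch file; decompress it first "
                         "(e.g. RtlDecompressBufferEx on Windows)")
    if len(data) < 80:
        raise ValueError("too short to be a prefetch file")
    version, signature, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != PREFETCH_SIGNATURE:
        raise ValueError("missing SCCA signature")
    layout = LAYOUTS.get(version)
    if layout is None:
        raise ValueError(f"unsupported prefetch version {version}")
    if len(data) < layout["run_count"] + 4:
        raise ValueError("truncated prefetch header")
    # 60-byte NUL-terminated UTF-16LE executable name at offset 16, followed
    # by the 32-bit hash of the executable's device path at offset 76.
    executable = data[16:76].decode("utf-16-le").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 76)
    run_times = []
    for slot in range(layout["slots"]):
        (ft,) = struct.unpack_from("<Q", data, layout["last_run"] + 8 * slot)
        if ft:                          # unused slots are zero
            run_times.append(filetime_to_datetime(ft))
    (run_count,) = struct.unpack_from("<I", data, layout["run_count"])
    return {
        "version": version,
        "file_size": file_size,
        "executable": executable,
        "path_hash": path_hash,
        "expected_filename": f"{executable}-{path_hash:08X}.pf",
        "last_run_times": run_times,    # most recent first
        "run_count": run_count,
    }


def scan_prefetch_dir(directory):
    """Parse every .pf file in a directory; unreadable files are reported, not skipped."""
    results = []
    for path in sorted(Path(directory).glob("*.pf")):
        try:
            info = parse_prefetch(path.read_bytes())
        except ValueError as err:
            results.append({"file": path.name, "error": str(err)})
            continue
        info["file"] = path.name
        # A file whose name disagrees with its own header was renamed,
        # edited or planted: a finding in its own right.
        info["name_matches_header"] = path.name.upper() == info["expected_filename"].upper()
        results.append(info)
    return results


def build_sample(version, executable, path_hash, run_filetimes, run_count):
    """Constructed fixture: a zero-filled header carrying only the given fields."""
    layout = LAYOUTS[version]
    size = layout["run_count"] + 4
    buf = bytearray(size)
    struct.pack_into("<I4sII", buf, 0, version, PREFETCH_SIGNATURE, 0, size)
    name = executable.encode("utf-16-le")
    if len(name) > 58:
        raise ValueError("executable name does not fit the 60-byte field")
    buf[16:16 + len(name)] = name
    struct.pack_into("<I", buf, 76, path_hash)
    for slot, ft in enumerate(run_filetimes[:layout["slots"]]):
        struct.pack_into("<Q", buf, layout["last_run"] + 8 * slot, ft)
    struct.pack_into("<I", buf, layout["run_count"], run_count)
    return bytes(buf)


if __name__ == "__main__":
    UNIX_EPOCH_FILETIME = 116444736000000000      # 1970-01-01 00:00:00 UTC
    sample = build_sample(30, "NOTEPAD.EXE", 0xD8414F97,
                          [UNIX_EPOCH_FILETIME + 600_000_000, UNIX_EPOCH_FILETIME], 2)
    for key, value in parse_prefetch(sample).items():
        print(f"{key}: {value}")
```

On a live machine the same functions run over a copy of %SystemRoot%\Prefetch; whether the kernel writes these files at all is controlled by the EnablePrefetcher value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters, so a triage should record that value alongside the directory listing, since an empty directory is only meaningful if prefetching was enabled.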

By Mathilde Venault and Baptiste David

Full Abstract & Presentation Materials:


