AutoIt In a Hardened Environment

Hello all,

First post, and I hope I put it in the right place. I have sort of an odd question regarding AutoIt itself. The background is that I work CyberSecurity for a company and working this position has made me somewhat paranoid. In this position I build up computers (Windows 7) and configure them based on a set of requirements given to us by the government. Part of my method in keeping things secure is making sure I don't put any software on the systems that isn't vetted to some degree or another.

The problem is that I have somewhere in the neighborhood of 600-1000 tweaks to make to the operating system and other installed software. Worse yet I have to PROVE I made those tweaks through things like the group policies and the registry and all that biz (meaning even if I make a perfect image I have to retrace my steps over and over). That means opening the registry and navigating through 12 folders to show a key to an observer. I obviously want to automate this.

The idea is that I would install AutoIt on a dev computer, write up the executable, run it on the hardened system, and remove the executable. My question is, how confident can I be that running an executable built from AutoIt won't "weaken" my system? Has anyone here run such an executable on a sensitive system? Has anyone put such an executable through the paces to make sure it doesn't open some sort of back door?


Why don't you put an exe through a "sensitive system" to see for yourself? You're the CyberSecurity expert.

After all, I could tell you that, yes I have, but I could be a developer in disguise who writes these back doors.


I'm assuming you are running some sort of scan that tells you the changes you need to make, so you would naturally run that same scan afterwards to ensure those changes were made and nothing was broken due to those changes. Being USG, I would assume some sort of SCAP compliance checker or Retina-type utility, which should give all needed assurance that no vulnerabilities were created. If you want to exercise further due diligence you could run it from a disc (which also helps with older systems that don't have a lot of HD space) or make the changes offline with DISM so that your executable does not even have to be running on the same system the .WIM file resides on, but that last one is probably overkill. Until Win 7, even the DISA GOLD disc used AutoIt to deploy the contents of the software folder (each app wrapped with its own .ini, not a bad display of AutoIt action at all for XP days). And it's used by nearly all the STAMIS for image deployment and quarterly patch rollups, because they were all totally jealous of my sexy deployments (and totally not because I was responsible for their patches).

Edited by boththose

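The run-the-same-check-afterwards idea from the reply above, as an added example that is not part of the original posts: it compares two registry snapshots in `reg export` text layout, reports whether each required setting is in place, and lists any value that changed without being on the required list. The key names, the `REQUIRED` table and the `parse_export`/`audit` helpers are hypothetical.

```python
import re

# Constructed snapshots in the text layout that `reg export` writes; the
# keys and values are made up for illustration.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Policy]
"DisableAutoplay"=dword:00000000
"BannerText"="old"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Services]
"RemoteAccess"=dword:00000000
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Policy]
"DisableAutoplay"=dword:00000001
"BannerText"="Authorized use only"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Services]
"RemoteAccess"=dword:00000001
'''
# Required settings: (key, value name) -> data exactly as the export shows it.
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Example\Policy"
REQUIRED = {
    (POLICY, "DisableAutoplay"): "dword:00000001",
    (POLICY, "BannerText"): '"Authorized use only"',
}

def parse_export(text):
    """Return {(key, value name): raw data}. Long hex values that wrap
    across lines with a trailing backslash are not joined here."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key:
            values[(key, m.group(1).strip('"'))] = m.group(2)
    return values

def audit(before, after, required):
    """Evidence per required setting, plus changes nobody asked for."""
    b, a = parse_export(before), parse_export(after)
    evidence = {k: a.get(k) == want for k, want in required.items()}
    unexpected = sorted(k for k in set(a) | set(b)
                        if a.get(k) != b.get(k) and k not in required)
    return evidence, unexpected
```

Export files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit`.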

Fikes, welcome!

It's not that hard to monitor a standalone AutoIt compiled script. I use the free Sysinternals tools (www.sysinternals.com) with fairly good results, but you being a security professional, I assume you might have even more advanced tools to do this kind of task.


Thanks for the welcome and information everyone. The big problem is that I am not an expert in Cybersecurity, not even close. As BothThose pointed out, SCAP and Retina scan your system for vulnerabilities and those are fairly easy to address. The problem is that I don't know enough about what those scanners don't pick up, hence my mild paranoia. In many cases I don't yet even know what I don't know so I am forced to assume I know nothing and that everyone is out to get me.

In the end I'll probably pick up one of those monitoring tools and try some basic scripting. I am excited! I have done some useful things with AutoHotkey in the past.

Thanks again for the information.


If you don't have one already, I would recommend SPAWAR's SCAP Compliance Checker (you can get it from the NIST website last I checked, and the IAM or someone at the SMO should be able to sponsor you if the download is still protected). It has a very active community and gaps are addressed rapidly.

Edited by boththose
