Thursday, July 27, 2017 15 months ago Las Vegas, USA
Started in 1992 by the Dark Tangent, DEF CON is the world's longest running and largest underground hacking conference. DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 25 will be held July 27-30, 2017, at Caesars Palace in Las Vegas.
Date: Saturday, July 29, 2017
This workshop is available to attendees of all levels, however, a basic familiarity with Process Monitor and the Windows API are recommended. The workshop will provide the required knowledge to find, analyze and exploit process workflows which allow an attacker to elevate their privileges from Medium to High integrity. The workshop is divided into the following sections.
- Identifying auto-elevating processes
- Analyzing process workflows
- Finding UAC bypass targets
Elevated File Operations:
- Using the IFileOperation COM object
- Tricking the Process Status API (PSAPI)
Getting UAC 0day (Pre Windows RS2):
- Analysis of known UAC bypasses
- Understanding the Windows Side-By-Side Assembly
- Creating proxy DLL's
- Using the Bypass-UAC framework (https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC)
- Dropping 0day(s)!
Triaging Windows RS2:
- Environment variables
- Registry abuse
- COM objects
- Process tokens
The workshop has intense hands-on labs where attendees will put the theory into practice. After attending, you will immediately be able to apply this knowledge in the field. The next time someone tells you the default UAC settings are sufficient you will be able to set them straight!
Materials: To participate in the hands-on sections, attendees need to bring a laptop with 2 GB RAM which can be dedicated to a virtual machine. Both VirtualBox and VMware player can be obtained for free. Two virtual machines and all necessary tools will be provided during the workshop!