Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse

Presented at DEF CON 22 (2014), Aug. 9, 2014, 5 p.m. (60 minutes).

Windows APIs are often a black box with poor documentation: they take input and spew output with little visibility into what actually happens in the background. By analyzing (and abusing) the underlying functionality of these seemingly benign APIs, we can manipulate Windows into performing stealthy custom attacks that bypass the latest protective defenses. In this talk, we'll get Windows to play with itself nonstop while revealing 0-day persistence techniques, previously unknown DLL injection techniques, and Windows API tips and tricks that any good penetration tester and/or malware developer should know. :) To top it all off, a custom HTTP beaconing backdoor will be released that leverages the newly released persistence and injection techniques. So much Windows abuse, so little time.


Presenters:

  • Brady Bloxham - Principal Security Consultant, Silent Break Security
    Brady Bloxham is the founder and Principal Security Consultant at Silent Break Security, where he focuses on providing advanced, custom penetration testing services. Brady started his career working for various three-letter agencies, where he earned multiple awards for exceptional performance in conducting classified network operations. Brady stays current in the information security field by presenting at hacker conferences and by providing training on building custom offensive security tools and advanced penetration testing techniques. Brady also maintains the PwnOS project and holds several highly respected industry certifications. :)
