Windows RID Hijacking: Maintaining Access on Windows Machines

Presented at RomHack 2018, Sept. 22, 2018, 12:15 p.m. (45 minutes)

The new persistence technique RID Hijacking, which affects all Windows versions, takes advantage of some security issues found on the authentication & authorization tasks executed by the Operating System. It allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes. To show its effectiveness, the attack will be demonstrated by using a module which was recently added by Rapid7 to their Metasploit Framework, and developed by the security researcher Sebastián Castro.


  • Sebastián Castro - Technical & Research Leader at CSL Labs
    Sebastián Castro (@r4wd3r) is the Technical & Research Leader at CSL Labs. Born in Bogotá, Colombia, has been an information security researcher, network & application pentester and red-teamer for 6 years, providing cybersecurity services to global financial institutions and local defense government organizations. This guy has presented at national and international conferences, such as BSides, ISC² and recently Black Hat, exposing password cracking and Windows security own research. Sometimes tenor, sometimes hacker, Sebastián also works as an opera singer at Opera of Colombia Chorus, participating on many national and international fancy performances with well-known singers whose names he can't even spell.


Similar Presentations: