Windows Breakout and Privilege Escalation

Presented at BSidesLV 2019, Aug. 6, 2019, 8 a.m. (595 minutes)

This course covers tools, techniques and procedures to break out of execution-restricted environments, escalate privileges from a low-level user and gain SYSTEM privileges on modern Windows systems. Previously delivered at conferences such as DEF CON and BruCon, the course is updated with new techniques every year.

High-level Summary:

• Circumventing Windows system lock-downs implemented via AppLocker, Software Restriction Policy (SRP) and Group Policies in environments such as Microsoft's Terminal Services, Citrix's Virtual Apps or CyberArk's PSM.

• Elevating privileges on Windows systems via discovery and exploitation of insecure configurations, permissions and system defaults.

• Understanding Windows remote administration techniques and establishing persistence.

Automated tools aid in the post-exploitation process; however, a focus on manual identification, analysis and exploitation is critical to attacking real-world systems successfully. This course leverages practical case studies to provide reliable vulnerability identification and exploitation skills.

The requisite techniques for this course will be demonstrated on a modern 64-bit Windows 10 Enterprise platform.


Presenters:

  • Rohan Durve
    Rohan (@Decode141) started his career as a bounty hunter and then moved into specialist consultancy. He primarily assesses Windows systems, but has previously contributed to application and software research (such as Formula Injection and client-side code execution vulnerabilities in common software). Rohan holds certs such as OSCE, OSCP and CREST CCT.
