Demystifying COM

Presented at TROOPERS17 (2017), March 23, 2017, 1:30 p.m. (Unknown duration)

The Component Object Model has been part of Windows for over 20 years, in that time it's gained new abilities such as remoting with DCOM, service component model with COM+ and forms the bedrock of the WinRT library which is used by Universal Windows Applications. This presentation will give an overview of how COM works, what secures it and how you can go about inspecting the attack surface of COM for privilege escalation, remote code execution or persistence.


Presenters:

  • James Foreshaw
    James is a security researcher in Google's Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he has numerous disclosures in a wide range of products from web browsers to virtual machine breakouts as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.

Links:

Similar Presentations: