This workshop is open to attendees of all levels; however, a basic familiarity with Process Monitor and the Windows API is recommended. The workshop will provide the knowledge required to find, analyze and exploit process workflows that allow an attacker to elevate their privileges from Medium to High integrity. The workshop is divided into the following sections.
- Using the IFileOperation COM object
- Tricking the Process Status API (PSAPI)
- Getting UAC 0day (Pre RS2):
  - Analysis of known UAC bypasses
  - Understanding the Windows Side-By-Side Assembly + Creating proxy DLLs
  - Using the Bypass-UAC framework (https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC) + Dropping 0day(s)!
- Looking forward:
  - Triaging Windows 10 Redstone 2
  - Leaving IFileOperation behind
  - COM objects & Fileless elevation

The workshop has intense hands-on labs where attendees will put the theory into practice. After attending you will immediately be able to apply this knowledge in the field. The next time someone tells you the default UAC settings are sufficient, you will be able to set them straight!