44CON 2017 has ended
Back To Schedule
Friday, September 15 • 09:30 - 11:29
James Forshaw - WORKSHOP: Introduction to Windows Logical Privilege Escalation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This workshop will go through an introduction to finding and exploiting logical privilege escalation vulnerabilities on Windows. More and more code running on Windows is done inside sandboxes or as non-administrators. This makes privilege escalation more important than ever. Memory corruptions are a common way of gaining higher privileges but Windows has been introducing more mitigations making exploitation harder. Logical vulnerabilities on the other hand are typically not affected by mitigations such as ASLR or DEP, but they’re generally more difficult to find. As an added complication they cannot be easily discovered through typical fuzzing approaches. Some of the topics to be presented will be:

Windows Internals as relevant to privilege escalation
Types of sandboxes, restricted and low box tokens
Under the hood
Attack surface analysis:
Probing the sandbox and the system
COM services
Exposed device drivers
File and registry vulnerabilities
How to find them and what to look for
Token vulnerabilities
How to find them and what to look for
UAC and unusual unfixed vulnerabilities
Working examples of based on previous vulnerabilities
Attendees are welcome to participate through the workshop by having access to a Windows 10 32 bit VM installation. Access to all tools and examples demonstrated on the day will be provided.


Friday September 15, 2017 09:30 - 11:29 BST
*Track 3*