COM Hijacking Techniques

The COM interface lies at the core of Windows, and subtle registry changes can interfere with the OS in unexpected ways. COM hijacking allows an attacker to load a library into a calling COM-enabled process. It’s a feature, not a bug. While it is commonly used for persistence, some famous COM hijacks have led to more severe exploits. COM hijacking is already used by several families of malware, and it’s time that pentesters caught up on how to abuse this feature. This presentation will cover COM hijacking from start to finish, showing how to discover hijackable COM objects, how to use them offensively, and how to make the calling process remain stable. The blue team will not be forgotten; the talk will cover detection strategies for identifying and defending against COM hijacks.
