This course covers tools, techniques and procedures to break out of execution restricted environments, escalate privileges from a low-level user and gain SYSTEM privileges on modern Windows systems. Previously delivered at conferences such as DEF CON and BruCon, the course is updated with new techniques every year.
High-level Summary:
• Circumventing Windows system lock-downs implemented via AppLocker, Software Restriction Policy (SRP) and Group Policies in environments such as Microsoft’s Terminal Services, Citrix’s Virtual Apps or CyberArk’s PSM.
• Elevating privileges on Windows systems via discovery and exploitation of insecure configurations, permissions and system defaults.
• Understanding Windows remote administration techniques and establishing persistence.
Automated tools aid in the post-exploitation process; however, a focus on manual identification, analysis and exploitation is critical to attacking real-world systems successfully. This course leverages practical case studies to provide reliable vulnerability identification and exploitation skills.
The requisite techniques for this course will be demonstrated on a modern 64-bit Windows 10 Enterprise platform.
Rohan (@Decode141) started his career as a bounty hunter and then moved into specialist consultancy. He primarily assesses Windows systems, but has previously contributed to application and software research (such as Formula Injection and client-sided code execution vulnerabilities in common software). Rohan holds certs such as OSCE, OSCP and CREST CCT.