Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse

DEF CON 22

Presented by: Brady Bloxham
Date: Saturday August 09, 2014
Time: 17:00 - 17:50
Location: Track 3

Windows APIs are often a black box with poor documentation, taking input and spewing output with little visibility into what actually happens in the background. By analyzing (and abusing) the underlying functionality of these seemingly benign APIs, we can effectively manipulate Windows into performing stealthy custom attacks that bypass the latest in protective defenses. In this talk, we'll get Windows to play with itself nonstop while revealing 0day persistence, previously unknown DLL injection techniques, and Windows API tips and tricks that any good penetration tester and/or malware developer should know. :) To top it all off, a custom HTTP beaconing backdoor will be released leveraging the newly released persistence and injection techniques. So much Windows abuse, so little time.

Brady Bloxham

Brady Bloxham is founder and Principal Security Consultant at Silent Break Security, where he focuses on providing advanced, custom penetration testing services. Brady started his career working for various three-letter agencies, where he earned multiple awards for exceptional performance in conducting classified network operations. Brady stays current in the information security field by presenting at various hacker conferences, as well as providing training on building custom offensive security tools and advanced penetration testing techniques. Brady also maintains the PwnOS project and holds several highly respected industry certifications. :)
