Microsoft Windows has a long history of outstanding security vulnerabilities that many of us in the security industry are well aware of. Microsoft has released advisories with mitigations for some of these vulnerabilities; however, due to compatibility, performance, and time/budget constraints, these mitigations are often not deployed consistently.
In this project we take advantage of a number of these issues to develop a local privilege escalation exploit for Microsoft Windows that is safe and reliable on Windows versions through 8.1 (further testing pending). The Microsoft security team was informed on 9/22/2015 and has not responded to date. Exploit code in C# will be released in coordination with the talk.
Inspired by one of the steps in the above PoC, a second technique will be discussed that allows NBNS spoofing attacks across network broadcast domains. Code for this will be released as a feature-addition to the popular “Responder” tool.
Stephen Breen is a Principal Consultant with the Offensive Security and Red Team at NTT Com Security and a member of the FoxGlove Security team. His time is split between delivering high-end penetration testing engagements and R&D inspired by real-world experience. Stephen has been dabbling in infosec since before it was called infosec, ever since his Windows 95 machine was DoS’d by an IRC skiddie using the “Ping of Death”. On paper, he has an academic and development background, with a Master’s in CS from McGill University, and held development and operations roles before getting into the security industry.