Abusing Windows with PowerShell and Microsoft debuggers in user-land and kernel-land

BSidesDC 2016

Presented by: Pierre-Alexandre Braeken
Date: Saturday October 22, 2016
Time: 16:30 - 17:20
Location: Grand Central
Track: Track 2

We will cover the following subjects:

• User-land proof-of-concept: attacking the Digest Security Support Provider byte per byte with PowerShell and a Microsoft debugger to retrieve passwords from memory
• Kernel-land proof-of-concept: Direct Kernel Object Manipulation with PowerShell and a Microsoft debugger
  o Hiding/unhiding a process
  o Protecting a process
  o Injecting all privileges into a process with the SYSTEM identity
  o Pass-the-Token attack
• User-land proof-of-concept: injecting and executing shellcode in a remote process with PowerShell and a Microsoft debugger
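The common substrate of every item above is PowerShell driving a Microsoft debugger (cdb.exe for user-land, kd.exe for kernel-land) and parsing what the debugger prints. The following is an added example written for this page, not code from the talk or from the speaker's tooling: it attaches cdb.exe non-invasively to a process, runs a debugger command, and turns the output of `db` back into a byte array, which is the "byte per byte" reading the user-land proof-of-concepts rest on. It does not implement the Digest SSP attack, DKOM or shellcode injection. Assumptions that are not from the page: cdb.exe is installed at the default WinDbg path used for `$CdbPath`, the caller holds SeDebugPrivilege for the target, and the target is a notepad.exe launched by the script purely so the example has something to read.

```powershell
# Added example for this page; not the presenter's code. Drives cdb.exe from PowerShell
# and parses its memory dump output. Assumed path to the Debugging Tools for Windows:
$CdbPath = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe'

function Invoke-Cdb {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [Parameter(Mandatory)][string]$Command
    )
    if (-not (Test-Path $CdbPath)) { throw "cdb.exe not found at $CdbPath" }
    # -pv attaches non-invasively (the target is suspended, no debugger thread is
    # injected, no breakpoints are set); -p selects the PID; -c runs a command string.
    # 'qd' at the end detaches and quits so the target resumes and the call returns.
    $output = & $CdbPath -pv -p $ProcessId -c "$Command;qd" 2>&1
    if ($LASTEXITCODE -ne 0) { throw "cdb.exe exited with code $LASTEXITCODE" }
    return $output
}

function Read-ProcessBytes {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [Parameter(Mandatory)][string]$Address,   # hex, e.g. 0x7ff612340000
        [Parameter(Mandatory)][int]$Length
    )
    # 'db <addr> L<n>' prints 16 bytes per line:
    #   00007ff6`12340000  4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00  MZ..............
    # Unreadable bytes are printed as '??' and are skipped here.
    $raw   = Invoke-Cdb -ProcessId $ProcessId -Command "db $Address L$Length"
    $bytes = New-Object System.Collections.Generic.List[byte]
    foreach ($line in $raw) {
        if ($line -match '^[0-9a-f`]{8,}\s+((?:[0-9a-f]{2}|\?\?)(?:[ -](?:[0-9a-f]{2}|\?\?))*)\s') {
            foreach ($hex in ($Matches[1] -split '[ -]')) {
                if ($hex -ne '??') { $bytes.Add([Convert]::ToByte($hex, 16)) }
            }
        }
    }
    return ,$bytes.ToArray()
}

function Find-Pattern {
    # Byte-per-byte scan of a region for a short signature; returns the offset or -1.
    param([byte[]]$Haystack, [byte[]]$Needle)
    for ($i = 0; $i -le $Haystack.Length - $Needle.Length; $i++) {
        $hit = $true
        for ($j = 0; $j -lt $Needle.Length; $j++) {
            if ($Haystack[$i + $j] -ne $Needle[$j]) { $hit = $false; break }
        }
        if ($hit) { return $i }
    }
    return -1
}

# Usage: launch a harmless target (assumed notepad.exe) and read the start of its image.
$target = Start-Process -FilePath 'notepad.exe' -PassThru
$null   = $target.WaitForInputIdle()
$base   = '0x{0:x}' -f $target.MainModule.BaseAddress.ToInt64()

$header = Read-ProcessBytes -ProcessId $target.Id -Address $base -Length 64
'{0} bytes read at {1}: {2}' -f $header.Length, $base, (($header[0..7] | ForEach-Object { '{0:x2}' -f $_ }) -join ' ')

# A valid PE image starts with the 'MZ' signature; a non-invasive read should find it at offset 0.
$offset = Find-Pattern -Haystack $header -Needle ([byte[]](0x4D, 0x5A))
'MZ signature offset: {0}' -f $offset

Stop-Process -Id $target.Id
```

The same wrapper applies unchanged to the talk's other user-land items: swap the `db` read for `lm` to enumerate modules, or for a write command such as `eb`, and the parsing code is what has to keep up with the debugger's text format. For the kernel-land items the binary changes to kd.exe with local kernel debugging (`kd -kl`), which additionally requires `bcdedit /debug on` and a reboot, a prerequisite worth noting in a detection or hardening review.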

Pierre-Alexandre Braeken

Mr. Braeken is an accomplished and highly experienced Security Architect with over 12 years of experience in engineering and system architecture. In his career he has focused specifically on security; holding MCSE, MCSA and MCITP certifications, he has specialized in the implementation of large projects for businesses relying on Microsoft infrastructure and alternative platforms. He is a Microsoft Certified Solutions Expert in Server Infrastructure. He holds an excellent command and understanding of information security, security architecture and secure application development, with strong analytical skills pertaining to enterprise situations, risk and contingency plans. Mr. Braeken works for Deloitte as a Senior Consultant in Cyber Risks (Enterprise Risk Services). He does unique Windows security research and speaks about it at international conferences (HackFest 2015 - Québec, Canada; Infosecurity Europe - London, UK).

