Windows Breakout and Privilege Escalation

This course covers tools, techniques and procedures to break out of execution restricted environments, escalate privileges from a low-level user and gain SYSTEM privileges on modern Windows systems. Previously delivered at conferences such as DEF CON and BruCon, the course is updated with new techniques every year.

High-level Summary:

• Circumventing Windows system lock-downs implemented via AppLocker, Software Restriction Policy (SRP) and Group Policies in environments such as Microsoft’s Terminal Services, Citrix’s Virtual Apps or CyberArk’s PSM.

• Elevating privileges on Windows systems via discovery and exploitation of insecure configurations, permissions and system defaults.

• Understanding Windows remote administration techniques and establishing persistence.

Automated tools aid in the post-exploitation process; however, a focus on manual identification, analysis and exploitation is critical to attacking real-world systems successfully. This course leverages practical case studies to provide reliable vulnerability identification and exploitation skills.

The requisite techniques for this course will be demonstrated on a modern 64-bit Windows 10 Enterprise platform.

Presented by