Windows Breakout and Privilege Escalation

BSidesLV 2019

Presented by: Rohan Durve
Date: Tuesday August 06, 2019
Time: 08:00 - 17:55
Location: Training Ground

This course covers tools, techniques and procedures to break out of execution-restricted environments, escalate privileges from a low-level user and gain SYSTEM privileges on modern Windows systems. Previously delivered at conferences such as DEF CON and BruCon, the course is updated with new techniques every year.

High-level Summary:

• Circumventing Windows system lock-downs implemented via AppLocker, Software Restriction Policy (SRP) and Group Policies in environments such as Microsoft’s Terminal Services, Citrix’s Virtual Apps or CyberArk’s PSM.

• Elevating privileges on Windows systems via discovery and exploitation of insecure configurations, permissions and system defaults.

• Understanding Windows remote administration techniques and establishing persistence.

Automated tools aid in the post-exploitation process; however, a focus on manual identification, analysis and exploitation is critical to attacking real-world systems successfully. This course leverages practical case studies to provide reliable vulnerability identification and exploitation skills.

The requisite techniques for this course will be demonstrated on a modern 64-bit Windows 10 Enterprise platform.

Rohan Durve

Rohan (@Decode141) started his career as a bounty hunter and then moved into specialist consultancy. He primarily assesses Windows systems, but has previously contributed to application and software research (such as Formula Injection and client-side code execution vulnerabilities in common software). Rohan holds certs such as OSCE, OSCP and CREST CCT.

