Getting Windows to Play with Itself: A Pen Tester's Guide to Windows API Abuse

DerbyCon 4.0 - Family Rootz

Presented by: Brady Bloxham
Date: Sunday September 28, 2014
Time: 10:00 - 10:50
Location: Track 1

Windows APIs are often a black box with poor documentation, taking input and spewing output with little visibility into what actually happens in the background. By reverse engineering (and abusing) some of these seemingly benign APIs, we can effectively manipulate Windows into performing stealthy custom attacks using previously unknown persistence and injection techniques. In this talk, we'll get Windows to play with itself nonstop while revealing 0day persistence, previously unknown DLL injection techniques, and Windows API tips and tricks. To top it all off, a custom HTTP beaconing backdoor will be released leveraging the newly released persistence and injection techniques. So much Windows abuse, so little time.

Brady Bloxham
