Using Windows diagnostics for system compromise

DerbyCon V - Unity

Presented by: Nicholas Berthaume (aricon)
Date: Saturday September 26, 2015
Time: 17:00 - 17:50
Location: Track 3
Track: Teach Me

Abstract: This talk will discuss the merits of using Microsoft diagnostic tools to deliver payloads to modern Microsoft operating systems with little or no scrutiny by antivirus and network intrusion sensors. It will cover the reasons for using this toolset, including the advantages it offers compared with more conventional techniques, and the reasoning behind exploring it rather than more invasive payloads, including those that rely on bugs to achieve system compromise. A tool will also be introduced that allows these payloads to be created on compatible *nix operating systems, whereas previously they could only be generated using the Microsoft SDK on Microsoft's own operating systems. Finally, the talk will include an element of privilege escalation by way of UAC bypass on default configurations of the Windows operating system.
