Abstract

Windows Privilege Escalation Techniques

Introduction:

This will be a completely hands on session on identifying and exploiting Logical flaws in Windows to perform privilege escalation attacks. At the end of this session, the participant will be able manually identify logical flaws in Windows Systems and learn how to elevate to administrator\SYSTEM privileges.

At a bare minimum, the following techniques will be covered:
1. Kernel exploits
2. Design issues
3. Service Misconfigurations
4. Binary planting and DLL Preloading attacks
5. Windows registry misconfigurations/stored secrets
5. File and resource permission issues
6. Memory and Disk forensics
7. hash passing/spraying
8. UAC Bypasses

Hardware Pre-requisites (Mandatory)

  • A system capable of running Virtual Box. You can test this by installing Virtual Box and creating a test VM.
  • Atleast 2 GB of RAM
  • Atleast 5 GB of free space on any drive.

Software Pre-requisites (Mandatory)

  • VirtualBox (Any version higher than 5.1.10). Please install this and come before the session. VMWare will not be supported.
  • Sysinternals Suite (https://technet.microsoft.com/en-in/sysinternals/bb545021.aspx)
  • FTK Imager Lite (http://accessdata.com/product-download/ftk-imager-lite-version-3.1.1)
  • mimikatz (https://github.com/gentilkiwi/mimikatz)
  • hashcat (https://hashcat.net/hashcat/)
  • Password dictionary - rockyou.txt (Get this from Kali or any other Internet source)

Speaker

Riyaz Walikar

I like photography, stargazing, collecting stamps and fishing.

Timing

Starts at Saturday June 24 2017, 09:30 AM. The sessions runs for about 9 hours.

Resources