This course covers tools, techniques and procedures to break out of execution restricted environments, escalate privileges from a low-level user and gain SYSTEM privileges on modern Windows systems. Previously delivered at conferences such as DEF CON and BruCon, the course is updated with new techniques every year.
- Circumventing Windows system lock-downs implemented via AppLocker, Software Restriction Policy (SRP) and Group Policies in environments such as Microsoft’s Terminal Services, Citrix’s Virtual Apps or CyberArk’s PSM.
- Elevating privileges on Windows systems via discovery and exploitation of insecure configurations, permissions and system defaults.
- Understanding Windows remote administration techniques and establishing persistence.
Automated tools aid in the post-exploitation process; however, a focus on manual identification, analysis and exploitation is critical to attacking real-world systems successfully. This course leverages practical case studies to provide reliable vulnerability identification and exploitation skills.
The requisite techniques for this course will be demonstrated on a modern 64-bit Windows 10 Enterprise platform.
For more information, visit BSides Las Vegas.