Security B-Sides London 2017
7th of June 2017 at the ILEC Conference Centre 47 Lillie Road, London, SW6 1UD

Wednesday, June 7 • 15:15 - 17:30
Session 3: Introduction to Logical Windows Privilege Escalation with James Forshaw (@tiraniddo)

More and more code on Windows runs inside sandboxes or as a non-administrator. This makes privilege escalation more important than ever. Memory corruption is a common way of gaining higher privileges, but Windows has been introducing more mitigations that make exploitation harder. Logical vulnerabilities, on the other hand, are typically not affected by mitigations such as ASLR or DEP, but they’re generally more difficult to find. As an added complication, they cannot be easily discovered through typical fuzzing approaches. This two-hour workshop is an introduction to finding and exploiting these logical privilege escalation vulnerabilities on Windows.

Some of the topics to be presented will be:

* Windows Internals as relevant to privilege escalation
* Types of sandboxes, restricted and low box tokens
* Under the hood
* Attack surface analysis:
  * Probing the sandbox and the system
  * COM services
  * Exposed device drivers
* File and registry vulnerabilities
  * How to find them and what to look for
  * Exploitation
* Token vulnerabilities
  * How to find them and what to look for
  * Exploitation
* UAC and unusual unfixed vulnerabilities
* Working examples based on previous vulnerabilities

L3 Any Geek

Requirements: Windows 10 32-bit VM.

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years, looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1...

Wednesday June 7, 2017 15:15 - 17:30 BST