Security BSides London 2017

More and more code running on Windows is done inside sandboxes or as non-administrators. This makes privilege escalation more important than ever. Memory corruptions are a common way of gaining higher privileges but Windows has been introducing more mitigations making exploitation harder. Logical vulnerabilities on the other hand are typically not affected by mitigations such as ASLR or DEP, but they’re generally more difficult to find. As an added complication they cannot be easily discovered through typical fuzzing approaches. This 2hr workshop will go through an introduction to finding and exploiting these logical privilege escalation vulnerabilities on Windows.

Some of the topics to be presented will be:

* Windows Internals as relevant to privilege escalation
* Types of sandboxes, restricted and low box tokens
* Under the hood
* Attack surface analysis:
* Probing the sandbox and the system
* COM services
* Exposed device drivers
* File and registry vulnerabilities
* How to find them and what to look for
* Exploitation
* Token vulnerabilities
* How to find them and what to look for
* Exploitation
* UAC and unusual unfixed vulnerabilities
* Working examples of based on previous vulnerabilities

L3 Any Geek

Requirements: Windows 10 32bit VM.