YoVDO

Windows Operating System Archaeology - Casey Smith and Matt Nelson

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Digital Forensics Courses Security BSides Courses Privilege Escalation Courses Mimikatz Courses

Course Description

Overview

Explore Windows operating system archaeology in this 51-minute conference talk from BSides Nashville 2017. Delve into topics such as Component Object Model, Com Object Registration, Mimikatz, and persistence techniques. Learn about excavation tools, militia tactics, and evasion methods like script injection. Discover insights on privilege escalation, Office add-ins, and command line logging. Gain valuable knowledge on Windows internals and security implications from speakers Casey Smith and Matt Nelson.

Syllabus

Introduction
Objectives
Overview
Component Object Model
Component Object Resolution
Other Monitors
Com Object
Registration Free Comm
Code
Registration Helper
Register Function
Mimikatz
Switch gears
Methodology
Excavation Tools
Militia Tactics
Persistence hijacking
Persistence tree
Registry entry
Importing entries
Evasion
Script Injection
Command Line Logging
Office Addins
Privilege Escalation
Julians Blog


Related Courses

Early Detection through Deception
YouTube
Hack for Show, Report for Dough - Brian King
YouTube
Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube
Windows Event Logs - Zero to Hero
YouTube
Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube