Windows EventLog Persistence Techniques for Red Team Operations

Explore advanced Windows exploitation techniques in this 32-minute conference talk from BSidesLV. Delve into three innovative methods for bypassing security measures and maintaining persistence in Windows environments during red team operations. Learn how to circumvent constrained language using run space with C# code, exploit XML files for privilege escalation to NT\AUTHORITY, and leverage Windows EventLog for undetectable persistence through HEX shellcode storage. Gain insights into offensive strategies that challenge built-in protection mechanisms like Applocker, and discover potential detection and mitigation approaches for defensive teams.

GroundFloor, Tue, Aug 6, 20:00 - Tue, Aug 6, CDT