Utilizing Lol-Drivers in Post Exploitation Tradecraft

Explore advanced post-exploitation techniques using signed drivers for offensive purposes in this conference talk from the Hack In The Box Security Conference. Delve into methodologies that leverage legitimate drivers to simulate kernel-mode threats, bypassing Windows Driver Signature Enforcement and PatchGuard. Learn how red teams can upgrade their toolset with kernel-mode attack capabilities without developing custom rootkits. Discover practical approaches to combine user-mode and kernel-mode techniques for enhanced evasion and mitigation bypass. Watch live demonstrations showcasing the use of Process Hacker's signed driver for credential dumping, process injection, and C2 communication. Gain insights into implementing these advanced techniques in existing red team toolsets and understand how threat actors have utilized similar methods in the past.

#HITB2021AMS D1T1 - Utilizing Lol-Drivers In Post Exploitation Tradecraft - Bariş Akkaya