Utilizing Lol-Drivers in Post Exploitation Tradecraft
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore advanced post-exploitation techniques using signed drivers for offensive purposes in this conference talk from the Hack In The Box Security Conference. Delve into methodologies that leverage legitimate drivers to simulate kernel-mode threats, bypassing Windows Driver Signature Enforcement and PatchGuard. Learn how red teams can upgrade their toolset with kernel-mode attack capabilities without developing custom rootkits. Discover practical approaches to combine user-mode and kernel-mode techniques for enhanced evasion and mitigation bypass. Watch live demonstrations showcasing the use of Process Hacker's signed driver for credential dumping, process injection, and C2 communication. Gain insights into implementing these advanced techniques in existing red team toolsets and understand how threat actors have utilized similar methods in the past.
Syllabus
#HITB2021AMS D1T1 - Utilizing Lol-Drivers In Post Exploitation Tradecraft - Bariş Akkaya
Taught by
Hack In The Box Security Conference
Related Courses
Defeating Injection Attacks in ASP.NET and ASP.NET CorePluralsight OS Analysis with The Sleuth Kit & Autopsy
Pluralsight Reverse Engineering: Frida for Beginners
Udemy Powershell Is Dead - Epic Learnings
Security BSides London via YouTube Investigating Malware Using Memory Forensics - A Practical Approach
Black Hat via YouTube