YoVDO

Well, That Escalated Quickly! A Penetration Tester’s Approach to Privilege Escalation - DefCamp - 2018

Offered By: DefCamp via YouTube

Tags

DefCamp Courses Penetration Testing Courses Privilege Escalation Courses

Course Description

Overview

Explore penetration testing techniques for privilege escalation in this DefCamp 2018 conference talk. Delve into Windows-specific methods, including registry manipulation, process and job exploitation, service account vulnerabilities, and startup program weaknesses. Learn about unsecure services, file permission exploits, DLL hijacking, and scheduler task vulnerabilities. Discover how to identify and exploit outdated software, weak passwords, and physical access vulnerabilities. Gain insights into the three phases of penetration testing: information gathering, exploitation, and reporting. Enhance your cybersecurity skills with hands-on knowledge from this comprehensive presentation on escalating privileges in Windows environments.

Syllabus

Introduction
Objectives
Windows
Registry
Processes
Jobs
Services
Service Accounts
Startup Programs and Scheduler Tasks
Unsecure Services
Weak executable file permissions
Unquoted service path method
DLL hijacking
Scheduler tasks
Exploit outdated software
Weak passwords
Physical access
Three phases
Phase 1 Overview
Information Gathering
Exploit
Reporting
Question


Taught by

DefCamp

Related Courses

The Model of Post-Quantum Signature Using Verkle Tree - DefCamp - 2022
DefCamp via YouTube
The Anatomy of Wiper Malware - DefCamp - 2022
DefCamp via YouTube
Internet Balkanization in an Era of Military Conflict - Dan Demeter - DefCamp - 2022
DefCamp via YouTube
How We Analyzed and Built an Exploit PoC for CVE-2022-24086, a Magento RCE - Catalin Filip - DefCamp - 2022
DefCamp via YouTube
To Log, or Not to Log! That Is the Question - DefCamp - 2022
DefCamp via YouTube