Well, That Escalated Quickly! A Penetration Tester’s Approach to Privilege Escalation - DefCamp - 2018
Offered By: DefCamp via YouTube
Course Description
Overview
Explore penetration testing techniques for privilege escalation in this DefCamp 2018 conference talk. Delve into Windows-specific methods, including registry manipulation, process and job exploitation, service account vulnerabilities, and startup program weaknesses. Learn about unsecure services, file permission exploits, DLL hijacking, and scheduler task vulnerabilities. Discover how to identify and exploit outdated software, weak passwords, and physical access vulnerabilities. Gain insights into the three phases of penetration testing: information gathering, exploitation, and reporting. Enhance your cybersecurity skills with hands-on knowledge from this comprehensive presentation on escalating privileges in Windows environments.
Syllabus
Introduction
Objectives
Windows
Registry
Processes
Jobs
Services
Service Accounts
Startup Programs and Scheduler Tasks
Unsecure Services
Weak executable file permissions
Unquoted service path method
DLL hijacking
Scheduler tasks
Exploit outdated software
Weak passwords
Physical access
Three phases
Phase 1 Overview
Information Gathering
Exploit
Reporting
Question
Taught by
DefCamp
Related Courses
The Model of Post-Quantum Signature Using Verkle Tree - DefCamp - 2022DefCamp via YouTube The Anatomy of Wiper Malware - DefCamp - 2022
DefCamp via YouTube Internet Balkanization in an Era of Military Conflict - Dan Demeter - DefCamp - 2022
DefCamp via YouTube How We Analyzed and Built an Exploit PoC for CVE-2022-24086, a Magento RCE - Catalin Filip - DefCamp - 2022
DefCamp via YouTube To Log, or Not to Log! That Is the Question - DefCamp - 2022
DefCamp via YouTube