YoVDO

Windows Agentless C2 - Abusing the MDM Client Stack

Offered By: Ekoparty Security Conference via YouTube

Tags

Windows Security Courses Reverse Engineering Courses Mobile Device Management Courses Privilege Escalation Courses Command and Control Courses Windows Internals Courses Malware Development Courses Vulnerability Research Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore groundbreaking research on exploiting the Windows Mobile Device Management (MDM) stack to create an agentless Command and Control (C2) system in this conference talk from Ekoparty 2023. Delve into a comprehensive analysis of the MDM client architecture, protocols, components, and workflows, uncovering previously undisclosed vulnerabilities and attack vectors. Follow the speaker's journey in developing a custom C2 server, implementing MDM protocols, crafting malicious commands, and extending the MDM Client stack to support second-stage payloads. Learn how to exploit the MDM client architecture for remote device control, privilege escalation, security feature disabling, and arbitrary code deployment without traditional agent installation. Gain insights into innovative techniques for exploiting Windows features and discover potential defensive strategies against this emerging threat vector. Presented by Marcos Oviedo, an infosec professional specializing in Windows internals and reverse engineering, this talk aims to inspire further research and contribute to the information security field.

Syllabus

Windows Agentless C2: (Ab)using the MDM Client Stack - Marcos Oviedo - Ekoparty 2023


Taught by

Ekoparty Security Conference

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Enterprise Security Fundamentals
Microsoft via edX
Penetration Testing - Post Exploitation
New York University (NYU) via edX
Ultimate Ethical Hacking and Penetration Testing (UEH)
Udemy
Hands-on Penetration Testing Labs 4.0
Udemy