October 25-28, 2017!! We’re going to have so much fun! Hopefully you can join us!
Friday, October 27 • 14:20 - 15:05
Windows Operating System Archaeology

The modern Windows Operating System carries with it an incredible amount of legacy code. The Component Object Model (COM) has left a lasting impact on Windows. This technology is far from dead as it continues to be the foundation for many aspects of the Windows Operating System. You can find hundreds of COM Classes defined by CLSID (COM Class Identifiers). Do you know what they do? This talk seeks to expose tactics long forgotten by the modern defender. We seek to bring to light artifacts in the Windows OS that can be used for persistence and privilege escalation. We will present novel persistence techniques using only the registry and COM Objects.

Matt Nelson

Security Researcher
Matt Nelson (@enigma0x3) is a red teamer and security researcher. After spending time as a system administrator, he brings a passion for researching and pushing new offensive and defensive techniques into the security industry. Blog: enigma0x3.net

Casey Smith

Casey Smith (@subtee) has a passion for understanding and testing the limits of defensive systems.

Friday October 27, 2017 14:20 - 15:05 MDT
Pinecrest B