Windows Breakout and Privilege Escalation

Course Description

The training provides attendees with the required knowledge to perform post-exploitation actions on locked down Windows machines and escalate privileges from a low level user to SYSTEM. These techniques were demonstrated on a modern 64-bit Windows 10 Enterprise platform.

The breakout portion covered fundamental techniques to circumvent applications deployed through Terminal Services and Citrix or environments locked down through the use of Software Restriction Policies (SRPs), Applocker and Group Policy.

The privilege escalation portion showed how to take advantage of security fails, configuration issues and weak permissions. The focus of this portion was on manual identification, analysis and exploitation. Automated tools can assist in this process, however a solid understanding of the various types of vulnerabilities is essential when attacking real-world systems.

Course contents

Requirements

Hardware/software Requirements

Trainers Biography

Jason Cook Jason is a CREST certified simulated attack specialist who has lead many high profile red team and scenario based attack scenarios for Context's global clients. As part of his role he keeps the internal simulated attack and privilege escalation toolkit within Context at the forefront, continuously updating the exploits, methodologies and attack methods to incorporate the newest research and code.

Francesco Mifsud Francesco developed the training course; by combining his knowledge of Windows privilege escalation techniques with the attack scenarios he encountered as part of his work at Context he has made a uniquely realistic and relevant training course that has already met with widespread success and acclaim. After trialing the course at the London BSides, his training was accepted by DEFCON Las Vegas in the Spring of '16. At Context he works as a general Consultant and Internal Windows Attack specialist.

Links :

Wed. 19 - 21 April 2017 (09:00 - 17:00) (3-day)

Back to Training Overview