Fabricio Gimenes
Fabricio Gimenes is Offensive Security Director at Redwolves, specializing in red teaming and penetration testing. He graduated in Cyber Security Defense and also holds several offensive security certifications (OSCP, OSWE, OSEP, CRTP).
Session
This research aims to show some of the phases and techniques used during a red team operation in a Windows environment.
Looking for new ways to abuse Windows environments, we mapped three methods that can help you in your assessment, with a focus on bypass and persistence techniques that rely on Windows itself.
First, this talk shows how we can bypass Constrained Language Mode using runspaces with some C# code.
The second method uses an XML file to create malicious files and elevate privileges to the NT\AUTHORITY user.
Third, and this is a particular point, I demonstrate how we can abuse the Windows EventLog to maintain undetectable persistence. I created a new event log containing hex-encoded shellcode stored as raw data to establish communication with the C2.
Numerous attacks can be carried out using Windows as our ally, even against built-in protection mechanisms such as AppLocker blocking PowerShell scripts; the talk covers that bypass, privilege elevation, and persistence using the event log.
By the end of this talk, we hope offensive teams can use these new tricks and defenders can work out the corresponding detections and mitigations.