2025-10-24 –, Europe
Part of the Windows operating system for over 20 years, DCOM (Distributed Component Object Model) has received a lot of attention from the security research community.
Ranging from lateral movement and privilege escalation to persistence techniques, DCOM is an extremely versatile attack vector. Yet its inner workings remain unknown to many security experts.
To close this knowledge gap, we will take a deep dive into the latest DCOM research, including this year's many new contributions, through practical use cases and tooling. A comprehensive testing framework will eventually be presented, enabling security researchers to build upon this previous work more effectively.
Finally, we will discuss practical defensive strategies, along with key insights to help security analysts effectively detect and respond to DCOM-based abuse.
After introducing the Windows Component Object Model, we will see how it fits into almost every step of the cyber kill chain. Security professionals from any background (academics, offensive and defensive security experts, network administrators, etc.) should find practical use cases and tooling, as well as a deep understanding of how these various attacks work under the hood.
Julien is a French penetration tester and security researcher, currently working at Orange Cyberdefense. As a Python lover with a background in software development, he is a fervent open-source advocate who has contributed to several offensive security projects including KeePwn, KeeFarce Reborn, Scapy, Metasploit, CrackMapExec and Impacket.