OrangeCon

Tijme Gommers

As a Reverse Engineer and Red Teamer, Tijme (@tijme) supports the development of Adversary Simulation services used to conduct ART and TIBER engagements. He provides teams with the knowledge, tools and techniques needed to simulate nation-state actors as accurately as possible, ultimately increasing the cyber resilience of critical organisations and infrastructure throughout Europe. With his polyglot software engineering background, he also develops malware and zero-day exploits, which are in turn used to realistically train blue teams in repelling nation-state cyber-attacks.


Session

09-05
11:30
30min
Elevate Your Skills: From COM object fundamentals to UAC bypasses
Tijme Gommers

When did you last use or analyze a UAC bypass? And did you fully understand its internals?

User Account Control (UAC) is a Windows security feature that limits the privileges a process actually gets: by default, even a member of the Administrators group runs with a filtered, medium-integrity token, and obtaining a high-integrity (elevated) process requires a consent prompt. Bypassing UAC therefore lets a threat actor obtain an elevated process without that prompt, and with it privileges that would otherwise not be available. Many UAC bypasses are publicly available, and most of them abuse functionality exposed by COM objects to achieve their goal. However, the parts of COM involved are large and, in places, poorly documented, which makes it hard to truly understand how such a bypass technically works.

In 30 minutes, I will teach you the basics of UAC and COM. Using plenty of visuals, I explain how UAC works, what COM is, and how you can communicate with COM objects. As we progress, I explain in an easy-to-follow way how COM objects can be exploited to bypass UAC.
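The two fundamentals the abstract names, the current UAC configuration and basic communication with a COM object, can be inspected directly from PowerShell on a Windows host. The snippet below is an added example for orientation; it is not code from the talk or from the speaker, it does not bypass anything, and it assumes a stock Windows installation where the documented UAC policy values and the `Shell.Application` ProgID are registered under the usual registry paths.

```powershell
# Added example (not the speaker's code): inspect UAC settings and the
# integrity of the current process, then talk to a COM object by ProgID.
# Assumes a stock Windows host; nothing here elevates or bypasses UAC.

# 1. UAC policy. EnableLUA=1 means UAC is enabled. ConsentPromptBehaviorAdmin
#    is the admin prompt level: 5 (default) prompts for non-Windows binaries,
#    2 always prompts, 0 never prompts (effectively no UAC for admins).
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
[pscustomobject]@{
    EnableLUA                  = $pol.EnableLUA
    ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop
} | Format-List

# 2. Is this process elevated? With a filtered (medium-integrity) token the
#    Administrators SID is deny-only, so IsInRole reports $false even for an
#    admin user who has not gone through the consent prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"User: $($identity.Name)  Elevated: $elevated"

# 3. Communicate with a COM object: create it by ProgID and call a method.
#    Shell.Application is a Windows-registered class; NameSpace() returns a
#    Folder object whose Self.Path is the resolved path.
$shell = New-Object -ComObject Shell.Application
"Resolved via COM: " + $shell.NameSpace('C:\Windows').Self.Path

# 4. Resolve the ProgID to its CLSID and check whether the class carries the
#    documented Elevation registration (HKCR\CLSID\{clsid}\Elevation, Enabled=1).
#    This is the registry-side marker the talk's topic revolves around; whether
#    a given class can actually be used in a bypass depends on more than this.
$clsid = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\Shell.Application\CLSID').'(default)'
$elev  = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\Elevation" -ErrorAction SilentlyContinue
"CLSID: $clsid  Elevation\Enabled: $($elev.Enabled)"
```

Run it once from a normal PowerShell window and once from an elevated one; the policy values are the same, but step 2 flips from `False` to `True`, which is exactly the token difference a UAC bypass tries to obtain without the prompt.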

Lastly, I demo a UAC bypass through COM, and I share the code so you can start experimenting with UAC and COM yourself.

Track 2
Second track