The Component Object Model has been part of Windows for over 20 years. In that time it has gained new abilities such as remoting with DCOM and a service component model with COM+, and it forms the bedrock of the WinRT library which is used by Universal Windows Applications. This presentation will give an overview of how COM works, what secures it and how you can go about inspecting the attack surface of COM for privilege escalation, remote code execution or persistence. The following topics will be included:

* COM and DCOM Fundamentals
  o How COM works
  o DCOM Proxies and Stubs
  o Security model and Impersonation
  o All the IDs
* Enumerating attack surface
  o Tools to inspect and manipulate COM
  o Finding objects accessible at Low IL or in App Containers for privilege escalation
  o Runtime security model
  o Finding new COM objects after application installation
  o Marshaling and Persistence
* Reverse Engineering COM components
  o Finding component implementation
  o Extracting interface information from binaries
This subject was never properly documented.
This talk will be the dawn of a new era of vulnerability discovery on Windows.
We are pleased to announce that the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused presentation with fresh content, please submit an abstract, bio and headshot to firstname.lastname@example.org. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. The call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: