COM in Sixty Seconds! (well minutes more likely)

Author(s): James Forshaw
Category: Vulnerability Research
Duration: 45
Summary: The Component Object Model has been part of Windows for over 20 years. In that time it has gained new abilities such as remoting with DCOM and a service component model with COM+, and it forms the bedrock of the WinRT library, which is used by Universal Windows Applications. This presentation will give an overview of how COM works, what secures it, and how you can go about inspecting the attack surface of COM for privilege escalation, remote code execution or persistence. The following topics will be included:

* COM and DCOM Fundamentals
  o How COM works
  o DCOM Proxies and Stubs
  o Security model and Impersonation
  o All the IDs

* Enumerating attack surface
  o Tools to inspect and manipulate COM
  o Finding objects accessible at Low IL or in App Containers for privilege escalation
  o Runtime security model
  o Finding new COM objects after application installation
  o Marshaling and Persistence

* Reverse Engineering COM components
  o Finding component implementation
  o Extracting interface information from binaries

Likes: 2

Comments

Vasile

This subject was never properly documented.


spongepat

This talk will be the dawn of a new era of vulnerability discovery on Windows