Below are the times and rooms for the workshops we will run on the Friday.
Remember you need a valid ticket for the conference to attend (we will be checking) as well as a ticket for the workshop. The tickets are free and are allocated on a first-come first-served basis.
Schedule – AM
Schedule – PM
WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. Even with the recent surge in WMI use, not everyone knows how to interact with it. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario. Want to read files, perform a directory listing, detect active user accounts, run commands (and receive their output), download/upload files, and do all of the above (plus more) remotely?
The goal for this workshop will be to enable students to walk away with an understanding of how WMI, a service installed and enabled by default since Windows 2000, is utilized by attackers, demystify interacting with the service locally and remotely, give students the ability to leverage WMI in the same manner as attackers, and walk through the use of WMImplant, a tool which automates this process for users.
An introduction to the tools and techniques that can be used to destroy .Net and Java applications on Windows. The workshop will focus on how to use freely available tools to destroy thick client ‘line of business’ applications. We will start by analysing the behaviour of applications and work up to extracting secrets from memory and bypassing mitigations such as code obfuscation or certificate pinning.
A moderate level of programming skill is recommended but not essential.
This two-hour workshop is an introduction to finding and exploiting logical privilege escalation vulnerabilities on Windows. More and more code on Windows runs inside sandboxes or as a non-administrator, which makes privilege escalation more important than ever. Memory corruption is a common way of gaining higher privileges, but Windows has been introducing more mitigations that make exploitation harder. Logical vulnerabilities, on the other hand, are typically not affected by mitigations such as ASLR or DEP, but they are generally more difficult to find. As an added complication, they cannot be easily discovered through typical fuzzing approaches.
- Windows internals as relevant to privilege escalation
- Types of sandboxes, restricted and low box tokens
  - Under the hood
- Attack surface analysis:
  - Probing the sandbox and the system
  - COM services
  - Exposed device drivers
- File and registry vulnerabilities
  - How to find them and what to look for
- Token vulnerabilities
  - How to find them and what to look for
- UAC and unusual unfixed vulnerabilities
- Working examples based on previous vulnerabilities
Attendees who want to follow along during the workshop should have access to a Windows 10 32-bit VM installation. Access to all tools and examples demonstrated on the day will be provided.
Time permitting, this workshop will detail everything you will require to become an expert in remote social engineering.
It will start with how to set up your own SE lab, then go on to teach exploitation of Microsoft functionality, credential harvesting attacks, and the creation of malicious macros, OLE objects and .HTA files, and will even cover recently reported zero-days.
Commonly used AV bypass techniques will also be taught, along with some basic PowerShell and privilege escalation techniques.
This workshop will be suitable for any level of expertise. It’s a bold workshop that should be amusing, enlightening, and possibly dangerous with regards to an overshare of technical information.
Preferred laptop setup: Windows 7, 8 or 10; VMware, VirtualBox or anything else you can configure; and a copy of Kali on another VM.
Learn how to use American Fuzzy Lop – aka afl-fuzz – the most effective fuzzing tool for C/C++/Objective C programs. This practical workshop will give you: a brief introduction to fuzzing and what it’s good for; what afl brings to the party; how to select and set up a target for fuzzing with afl; and how to make the most of its capabilities. You’ll rediscover real vulnerabilities like Heartbleed, and finish the session with the knowledge you need to start fuzzing your own targets.
You’ll need: a laptop that can ssh into the provided VM (or your own Linux machine/VM); basic C programming skills; basic familiarity with the Linux command line.
An introduction to the theory and practical work behind TLS where you will obtain your own certificate and deploy HTTPS to a website.
Each attendee will need to bring their own laptop with a browser and an SSH client. For Mac/Linux users the Terminal is fine; for Windows users we recommend PuTTY (free) or an SSH client of their choice.
Each attendee will need to have basic command line skills. Being able to move around folders and edit text files will be sufficient.
A hands-on workshop getting you up to speed on how easy it is to find and exploit applications via DLL planting and some other tricks.
We have two applications to play with: one is GoPro Studio, the other a ‘SCADA’ app (ooowww). We will look at search-order and ‘binary planting’ issues, and those attending will be able to go and find their own vulnerabilities.