Explore Windows operating system archaeology in this 51-minute conference talk from BSides Nashville 2017. Delve into topics such as Component Object Model, Com Object Registration, Mimikatz, and persistence techniques. Learn about excavation tools, militia tactics, and evasion methods like script injection. Discover insights on privilege escalation, Office add-ins, and command line logging. Gain valuable knowledge on Windows internals and security implications from speakers Casey Smith and Matt Nelson.
Overview
Syllabus
Introduction
Objectives
Overview
Component Object Model
Component Object Resolution
Other Monitors
Com Object
Registration Free Comm
Code
Registration Helper
Register Function
Mimikatz
Switch gears
Methodology
Excavation Tools
Militia Tactics
Persistence hijacking
Persistence tree
Registry entry
Importing entries
Evasion
Script Injection
Command Line Logging
Office Addins
Privilege Escalation
Julians Blog
