Explore advanced hacking techniques using Microsoft-signed binaries in this 55-minute Black Hat conference talk. Learn how to leverage PowerShell and a Microsoft-signed debugger to perform various attacks, including password retrieval from userland memory, shellcode execution through dynamic PE parsing, and kernel-level attacks for advanced system persistence. Discover methods to bypass User Account Control (UAC), exploit McAfee password vulnerabilities, and utilize Microsoft debugging tools for malicious purposes. Gain insights into live kernel debugging, Hyper-V operator exploitation, and Empire framework integration. Witness practical demonstrations and understand the implications for red team operations and cybersecurity professionals.
Overview
Syllabus
Introduction
Who am I
Why did I do that
Agenda
Per Memory
Pure Shell
Partial
Per Shell
Windbg
How does it work
antivirus will detect it
Microsoft tools
Proof of concept
Other tools
Bypass UAC
McAfee Password
Microsoft debugger
Key
Authentication Provider
HyperV Operator
LiveKDAXZ
Demo
Empire
Pull Request
Demonstration
Basic Theme
Minesweepers
Thank you
Red Team
Debug Mode
Taught by
Black Hat
