Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Automated Discovery of Logical Privilege Escalation Bugs in Windows 10

Hack In The Box Security Conference via YouTube

Overview

Explore an innovative approach to automated discovery of logical privilege escalation vulnerabilities in Windows 10 services in this 50-minute conference talk from the Hack In The Box Security Conference. Delve into the methodology for building an automated system that simulates user interactions and calls related interfaces to uncover and preliminarily analyze logical vulnerabilities. Learn how the speakers leveraged historical bug analysis and minimal Windows internals knowledge to develop this technique. Gain insights into their examination of Advanced Local Procedure Call (ALPC) in Windows, which led to the discovery of a local privilege escalation bug. Understand the challenges of overcoming security checks like TOCTOU problems and the advanced skills employed to bypass these checks. Discover how the automated discovery system was constructed and successfully identified three new vulnerabilities in just one week.

Syllabus

#HITB2019AMS D1T2 - Automated Discovery Of Logical Priv. Esc. Bugs In Win10 - Wenxu Wu and Shi Qin

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Automated Discovery of Logical Privilege Escalation Bugs in Windows 10

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.