Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Windows Agentless C2 - Abusing the MDM Client Stack

Ekoparty Security Conference via YouTube

Overview

Explore groundbreaking research on exploiting the Windows Mobile Device Management (MDM) stack to create an agentless Command and Control (C2) system in this conference talk from Ekoparty 2023. Delve into a comprehensive analysis of the MDM client architecture, protocols, components, and workflows, uncovering previously undisclosed vulnerabilities and attack vectors. Follow the speaker's journey in developing a custom C2 server, implementing MDM protocols, crafting malicious commands, and extending the MDM Client stack to support second-stage payloads. Learn how to exploit the MDM client architecture for remote device control, privilege escalation, security feature disabling, and arbitrary code deployment without traditional agent installation. Gain insights into innovative techniques for exploiting Windows features and discover potential defensive strategies against this emerging threat vector. Presented by Marcos Oviedo, an infosec professional specializing in Windows internals and reverse engineering, this talk aims to inspire further research and contribute to the information security field.

Syllabus

Windows Agentless C2: (Ab)using the MDM Client Stack - Marcos Oviedo - Ekoparty 2023

Taught by

Ekoparty Security Conference

Reviews

Start your review of Windows Agentless C2 - Abusing the MDM Client Stack

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.