At Shmoocon early this year, we released Potato, a new method and tool that took advantage of neglected 15 year old issues in all versions of Windows to elevate any user's privilege to SYSTEM in default configurations. We had planned on releasing a much improved version of said tool here at Derbycon, but Microsoft had other plans. On June 14, 2016 we were surprised to find that Microsoft released MS16-075 which seems to break Potato. Luckily we still have one more trick up our sleeves that has proved useful in real-life scenarios. We will be discussing a technique based on the Potato exploit that allows for elevation from many Windows service accounts (such as those used by IIS and SQL Server) to SYSTEM in default configurations on all Windows versions.

Stephen Breen - "Stephen Breen is a Principal Consultant with the Offensive Security and Red Team at NTT Com Security. His time is split between delivering high end penetration testing engagements and R&D that is inspired by real-world experience. Stephen has been dabbling in infosec before it was called infosec, ever since his Windows 95 machine was DoS?d by an IRC skiddie using the ?Ping of Death?. On paper, he has an academic and development background, with a Masters in CS at McGill University and performed development and operations roles before getting into the security industry." Chris Mallz - "Chris Mallz has been into computers for as long as he can remember. Getting a job at a repair shop as a teenager only furthered his quest for knowledge. His interests include satellites, tradecraft, low level networking, code, and recently Windows. After taking a break for research and to learn how to code he's now returned and is eager to find a job where he can share his unique ideas."

@breenmachine, @vvalien1

Back to Derbycon 2016 video list