A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


COM Hijacking Techniques - David Tulis Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

COM Hijacking Techniques
David Tulis
Derbycon 2019

The COM interface lies at the core of Windows, and subtle registry changes can interfere with this the OS in unexpected ways. COM hijacking allows an attacker to load a library into a calling COM-enabled process. It?s a feature, not a bug. While it is commonly used for persistence, some famous COM hijacks have led to more severe exploits. COM hijacking is already used by several families of malware, and it?s time that pentesters caught up on how to abuse this feature. This presentation will cover COM hijacking from start to finish; showing how discover hijackable COM objects, how to use them offensively, and how to make the calling process remain stable. The blue team will not be forgotten; the talk will cover detection strategies for identifying and defending against COM hijacks.

David Tulis (@kafkaesqu3) is a senior security consultant at NCC Group, where he specializes in adversary simulations, red teams, and network penetration tests. He is most comfortable operating in Windows and Active Directory environments, but always enjoys the challenge of developing new techniques, and learning how to hack new and exciting things.


Back to Derbycon 2019 video list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast