We are excited to work with Facebook in putting on our next OF! Anyone in the NYC area is welcome to come eat, have a drink, and learn a thing or two from our guest speakers in the infosec community!
Food, drinks, & social to begin at 6pm, talks begin at 6:30pm:
RSVP here: https://nccgroupeventnyc.splashthat.com/
Speaker: David Tulis, Senior Security Consultant - NCC Group
Title: COM Hijacking
The COM interface is a standard for interprocess communication used by Microsoft Windows. Everything is an object in the Windows world, and Microsoft has defined an interface for passing objects between programs for easy programming. The method of object sharing can easily be hijacked. COM hijacking is the cousin of DLL hijacking; the technique allows an attacker to load a library into a process which uses the COM interprocess communication channel.
Regardless of how hardened a process is against injection, an unprivileged user can hijack the location of a COM-exposed library by writing a registry key inside one of many obscure GUIDs. Autoruns has no power here. The presented technique is already being used by several families of malware, and it’s time pentesters caught up.
COM hijacks are a feature, not a bug. They are most commonly used as a persistence mechanism, but hijacking the right library can lead to UAC bypasses, AMSI bypasses, privilege escalations, or code injection into protected processes.
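The registry condition the abstract describes, a per-user CLSID entry that shadows a machine-wide one, is also what a defender can audit for. The script below is an added example for this announcement, not material from the talk; it assumes a standard Windows PowerShell session and treats any HKCU InprocServer32 that overrides an HKLM registration with a different path, or that points outside %SystemRoot%, as a candidate for review (per-user installs can legitimately register in HKCU, so results need triage rather than automatic action).

```powershell
# Added example (not from the talk): list per-user COM servers that shadow or
# bypass machine-wide registrations, the hijack condition described above.
# Per-user (HKCU) CLSID registrations are consulted before machine-wide (HKLM)
# ones, so an HKCU InprocServer32 entry takes precedence for that GUID.
$userClsid    = 'HKCU:\Software\Classes\CLSID'
$machineClsid = 'HKLM:\Software\Classes\CLSID'
$winRoot      = [regex]::Escape($env:SystemRoot)   # e.g. C:\Windows

function Get-ShadowedComServers {
    if (-not (Test-Path $userClsid)) { return @() }
    Get-ChildItem -Path $userClsid -ErrorAction SilentlyContinue | ForEach-Object {
        $guid = $_.PSChildName
        $userSrvKey = "$userClsid\$guid\InprocServer32"
        if (-not (Test-Path $userSrvKey)) { return }
        # Get-ItemProperty expands REG_EXPAND_SZ values such as %SystemRoot%\...
        $userDll = (Get-ItemProperty -Path $userSrvKey -ErrorAction SilentlyContinue).'(default)'
        $machineSrvKey = "$machineClsid\$guid\InprocServer32"
        $machineDll = $null
        if (Test-Path $machineSrvKey) {
            $machineDll = (Get-ItemProperty -Path $machineSrvKey -ErrorAction SilentlyContinue).'(default)'
        }
        # Flag when HKCU overrides an existing HKLM registration with a different
        # DLL, or when the per-user DLL lives outside the Windows directory.
        $overridesMachine = $machineDll -and $userDll -and ($userDll -ne $machineDll)
        $outsideWinRoot   = $userDll -and ($userDll -notmatch "^$winRoot\\")
        [pscustomobject]@{
            CLSID      = $guid
            UserDll    = $userDll
            MachineDll = $machineDll
            Reason     = if ($overridesMachine) { 'Shadows HKLM entry' }
                         elseif ($outsideWinRoot) { 'DLL outside SystemRoot' }
                         else { $null }
        }
    } | Where-Object { $_.Reason }
}

Get-ShadowedComServers | Format-Table -AutoSize
```

Run it as the user whose profile you are reviewing, since HKCU is per-user; pair the findings with the corresponding HKLM entries and the DLL's signature before treating any hit as malicious.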
Speaker: Dominic Spinosa - Facebook
Title: Fridamania in Security
Abstract: Frida is a dynamic, cross-platform instrumentation toolkit intended for security researchers, developers, and reverse engineers. For years, the tool has been and continues to be used heavily in the mobile space, allowing for deep introspection when targeting both mobile applications and the major mobile operating systems themselves. This capability allows security professionals to demystify application logic, bypass application-level security controls, disclose application secrets (e.g., encryption/decryption keys) and discover vulnerabilities in a number of bug classes.
Recently, the security community has begun to notice the true power offered by Frida, especially outside of the context of mobile devices. After all, the framework has supported macOS, Windows, and Linux for a number of years. This created a shift in the usage of Frida within the security community, empowering members to leverage the framework for vulnerability research and fuzzing, introspecting the internals of traditional desktop operating systems, and even game hacking!
As a Red Teamer, this was an opportune time to rekindle my experience with Frida from my mobile penetration testing days. However, curiosity led me to wonder if the framework could be used for purposes more suited for red team operations and similar exercises. This talk will describe my attempts to answer, “How can we use Frida to solve other offensive security problems?”, and the paths this journey has taken me along the way.
Speaker: Kelly Lum
Title: Mistakes were made: What works as a security practitioner and what doesn't. (Abstract TBA, shortly.)