Utilizing Lol-Drivers in Post Exploitation Tradecraft
Hack In The Box Security Conference via YouTube
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Master Agentic AI, GANs, Fine-Tuning & LLM Apps
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore advanced post-exploitation techniques using signed drivers for offensive purposes in this conference talk from the Hack In The Box Security Conference. Delve into methodologies that leverage legitimate drivers to simulate kernel-mode threats, bypassing Windows Driver Signature Enforcement and PatchGuard. Learn how red teams can upgrade their toolset with kernel-mode attack capabilities without developing custom rootkits. Discover practical approaches to combine user-mode and kernel-mode techniques for enhanced evasion and mitigation bypass. Watch live demonstrations showcasing the use of Process Hacker's signed driver for credential dumping, process injection, and C2 communication. Gain insights into implementing these advanced techniques in existing red team toolsets and understand how threat actors have utilized similar methods in the past.
Syllabus
#HITB2021AMS D1T1 - Utilizing Lol-Drivers In Post Exploitation Tradecraft - BariÅŸ Akkaya
Taught by
Hack In The Box Security Conference