NorthSec 2022

Red Team Tradecraft - Vulnerability Research for Operators
2022-05-20, 16:35–17:05, Ville-Marie

It's becoming more difficult to rely on publicly accessible tools to exploit weaknesses in enterprise Windows environments to carry out effective red team operations. Complex environments, on the othe

Operators frequently find themselves in situations where there is no clear path to escalate and break out of the beachhead - target systems have been patched, automated tooling has failed to detect exploitable misconfigurations, exploitation frameworks have failed, and manual analysis techniques have been exhausted. In these scenarios, an operator's ability to quickly identify and triage previously unreported vulnerabilities might be the difference between fulfilling objectives and providing an effective red team engagement or remaining stranded on that beachhead and pursuing other pathways.

In this talk, we will discourse about the below mentioned security weaknesses in enterprise windows environments needed to escalate privileges, execute arbitrary code, or facilitate lateral movement.

Windows Access Control List (ACL) Abuses, .NET Vulnerabilities, Interprocess Communication (IPC) Bugs, File & Protocol Handlers Bugs, File System Bugs, Driver-Based Vulnerabilities

What is the language of your talk/workshop?


Etizaz Mohsin is a cyber security researcher who is the first to demonstrate the remote compromise of luxury hotels around the world putting millions of guests. He has spoken at top-tier cyber security conferences including DEFCON, HITCON, ATHACK, HACTIVITY, DEEPSEC, SECTOR, GREHACK, HACKFEST, ARAB SECURITY CONFERENCE, Texas Cyber Summit etc. He has achieved industry certifications, the prominent of which are OSEE, OSWE, OSCE, OSCP, OSWP, CREST CRT, CPSA, EWPTX.

This speaker also appears in: