Date: 16th Oct – Wednesday
Time: 15:00-16:00
Location: Ballroom B
Finding privilege escalation in local Windows RPC servers is the new hotness. Unfortunately, the standard Microsoft tooling only generates code for C/C++, which presents a problem for anyone wanting to write proof-of-concepts in a .NET language such as C# or PowerShell.
This presentation will go through the various tasks I undertook to implement working tooling, including:
* Assessing the best approaches to implementing an RPC client in .NET.
* Reverse engineering the APIs to identify the low-level ALPC implementation.
* Implementing NDR parsing and serialization.
* PowerShell Integration.
The presentation will finish up with some details of one of the bugs I discovered with the new tooling. The tooling itself will be available to all.