WS-04

Bypassing Windows OS Hardening & end-point protection apps

Oct 4th and 5th, 2023
Grand Hyatt, Kochi, India

With the growing use of desktop applications in segments such as aviation, healthcare, public infrastructure, logistics, finance, education and hospitality, often deployed as kiosk or unattended systems in public places, the scope for information and network security concerns widens. With work also becoming more flexible and remote since Covid-19, enterprises carry a greater responsibility to run their systems safely using multiple endpoint protection tools such as DLP, EDR, KIOSK and PAM.

This training course targets areas where systems are secured by hardening with Windows or third-party tools, and shows how that hardening can be evaded to gain unrestricted system access. Once system access is obtained, the course covers elevating privilege within the Windows system.

Learning these techniques helps in penetration testing and in designing tools securely for use in commercial products or enterprise systems.

Course Content (ToC):

  • Day 1:
    • Setting up OS Hardening with custom scripts
    • Win10 KIOSK bypass techniques to access restricted Windows components such as Credential Manager, the certificate store, the registry, the filesystem, etc.
    • Group Policy and registry restriction bypass
    • Various techniques to access the command prompt / PowerShell when blocked by the system administrator
    • UWF (Unified Write Filter) bypass technique
    • Accessing restricted Control Panel components
    • Kiosk app bypass via unquoted service paths and the least-privilege principle
    • bcdedit and insecure boot to evade DLP/EP software and KIOSK
    • Gaining command execution via compiling binaries, using other platforms' binaries, the extension precedence rule, shortcuts, Task Scheduler, ActiveXObject, etc.
  • Day 2:
    • AppLocker restriction rules and various bypass techniques
    • EDR evasion techniques:
      • Win32 API primer
      • process injection
      • process hollowing
      • basic & heuristics bypass
      • in-memory execution
      • offensive VBA
      • VBA Stomping
      • VBA Obfuscation
      • AMSI bypass
    • Compiling your own payload to evade detection and execute desired code
    • Using ReactOS to evade signature-based app restriction

Who should take this training:

Pentesters, security architects or developers who want security by design in their products, Windows administrators, and security professionals from IT security.

Who would not be a good fit for this training:

People focusing on any OS other than Windows, and people looking for network assessments, core anti-virus evasion, fuzzing, kernel exploitation or forensics.

Audience level:

Intermediate

Student Requirement:

  • Basic knowledge of how an OS works and how a thick client works
  • Basic knowledge of how to use VirtualBox
  • Although a few scripts will be used during the session, it is completely fine if you do not have scripting or programming expertise.
  • Windows 10 Evaluation VirtualBox VM (90-day trial, or a license if you have one)
  • A list of other tools will be shared with participants

Speakers

Kartik Lalan

Sr. Security Engineer, PIC (Independent), India

Product Security Engineer @ Security Centre of Excellence – Philips Innovation Campus. He holds an M.Tech. in CS with a specialization in Information & Network Security. He conducts frequent talks and workshops on InfoSec topics at several places including C0C0N, BSides Delhi & Bangalore Chapter, OWASP, Null A'bad & Bangalore Chapter, and DroidCon-IN. Kartik loves to write technical blogs in his leisure time.

Aravind C Ajayan

Sr. Security Engineer, PIC (Independent), India

Sr. Security Engineer with Philips and part of the Security Centre of Excellence team. Aravind's primary areas of expertise are web/thick client application penetration testing, hardened system security, network security, and Windows Active Directory security. He has helped to fix severe issues in IMS (Internet Management Software) solutions through responsible disclosures. Aravind pursued his master's in Cyber Security Systems and Networks from Amrita Vishwa Vidyapeetham, Coimbatore. He is an Offensive Security Certified Professional (OSCP) and has published several research papers on security in IEEE and Springer.

ORGANIZED BY

Information Security Research Association Kerala Police

c0c0n @16

c0c0n is a 15 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Where & When?

Oct 04th to 07th 2023
Grand Hyatt, Kochi, India