#HITBCyberWeek D2T2 - Reimplementing Local RPC In .Net - James Forshaw

Finding privilege escalation in local Windows RPC servers is the new hotness. Unfortunately the standard Microsoft tooling only generates code for C/C++ which presents a problem for anyone wanting to write proof-of-concepts in a .NET language such as C# or PowerShell.

This presentation will go through the various tasks I undertook to implement working tooling, including:

* Assessing the best approaches to implementing an RPC client in .NET.

* Reverse engineering the APIs to identify the low-level ALPC implementation.

* Implementing NDR parsing and serialization.

* PowerShell Integration.

The presentation will finish up with some details of one of the bugs I discovered with the new tooling. The tooling itself will be available to all.

===

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He’s also the author of the book “Attacking Network Protocols” available from NoStarch Press.