Hack.lu 2017 A view into ALPC-RPC by Clement Rouault and Thomas Imbert


The Advanced Local Procedure Call (ALPC) is an Inter-Process Communication method widely used in recent Windows versions. One important application of ALPC is to perform Remote Procedure Calls (RPC) on the local computer. Whereas ALPC has been scrutinized by security researchers in the last few years, its usage in MS-RPC has been less documented.

This presentation will explain the core structures and API of ALPC, then explore how RPC-over-ALPC works. Furthermore, we will describe how we searched for vulnerabilities using a full-Python implementation of a simple RPC client, soon to be released. Lastly, a UAC bypass and a Local Privilege Escalation found during our research will be presented.

Bio: Clement Rouault - @hakril

Clement Rouault is a security researcher currently working at Sogeti ESEC R&D. A fervent user of Python, he is interested in the use, abuse and implementation of this language. His research interests include reverse engineering, exploitation and Windows internals.

Bio: Thomas Imbert - @masthoon

Thomas Imbert works at Sogeti ESEC R&D as a security researcher. His interests are focused on reverse engineering, virtualization, forensics, vulnerability research and exploitation. In his free time, he likes to participate in security competitions with the khack40 team.