0x4d5a

@0x4d5a.bsky.social

Security Researcher @ Neodyme. Windows Internals, Reversing, Fuzzing, CTF

97 Followers 198 Following 4 Posts Joined Nov 2024
1 year ago
The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1 In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all r...

Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: neodyme.io/blog/com_hij...

1 year ago
GitHub - 0x4d5a-ctf/38c3_com_talk: Slides for COM Hijacking AV/EDR Talk on 38c3

Slides for our talk "The Key to COMpromise" (AV/EDR privilege escalation) are on GitHub.

If you want to discuss this stuff, you can find @k0lj4.bsky.social or me at the CTF area of #38c3

github.com/0x4d5a-ctf/3...

1 year ago

Yeah, totally agree. AVG did somehow block DLLs that weren't located in allow-listed folders, not really sure how it was implemented. However, C:/Windows/System32/* was allowed and System32/spool/drivers/color/ is user writeable...

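The post above points at the real weakness behind a path-based allow-list: trusting everything under C:\Windows\System32 only helps if no subdirectory there is writable by standard users. The following PowerShell audit is an added example, not code from the post or from Neodyme; it walks System32, resolves every Allow ACE to a SID, and reports directories where the well-known low-privilege groups (BUILTIN\Users, Authenticated Users, Everyone; their SIDs are assumed to be the Windows defaults) hold any write or create right. Run it from an elevated prompt so that ACLs on protected folders can be read.

```powershell
# Added audit script (not part of the original post): list directories under
# C:\Windows\System32 where low-privileged principals hold write/create rights.
# An allow-list that trusts "C:\Windows\System32\*" implicitly trusts anything a
# standard user can place in such a directory, so these are the paths to review.

$Root = 'C:\Windows\System32'

# Principals every interactive user belongs to (assumption: default well-known SIDs)
$LowPrivSids = @(
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-11',       # NT AUTHORITY\Authenticated Users
    'S-1-1-0'         # Everyone
)

# Rights that allow planting or replacing content in a directory
$WriteMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::CreateDirectories -bor
             [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

$Findings = Get-ChildItem -Path $Root -Directory -Recurse -ErrorAction SilentlyContinue |
  ForEach-Object {
    $dir = $_.FullName
    try {
        $acl = Get-Acl -Path $dir -ErrorAction Stop
    } catch {
        return   # unreadable ACL: skip this directory (reported separately below)
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Normalise the identity to a SID so localised group names do not matter
        try {
            $sid = $ace.IdentityReference.Translate(
                       [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue
        }
        if ($LowPrivSids -notcontains $sid) { continue }

        # Inherited ACEs count too: a child directory inherits its parent's weakness
        if (($ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path      = $dir
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
  }

# One row per (directory, principal) pair; an empty result means no standard-user
# writable directory was found beneath $Root.
$Findings | Sort-Object Path -Unique | Format-Table -AutoSize
```

The script deliberately tests the raw rights mask rather than the friendly enum name, because directories that carry generic rights (GENERIC_WRITE and similar) show up as numeric values that a string comparison would miss. Treat each reported path as input to an allow-list review: either exclude it from the trusted prefix or tighten its ACL.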
1 year ago

Nice! I wasn't aware of your research, seems you beat us by a few years :D impressive to see that little changed regarding the attack surface and the actual vulns ...

1 year ago

Different privilege escalation vulns in security products? See our talk tomorrow :)
