Amankumar Badhel
Amankumar Badhel is a passionate threat researcher with a sharp focus on detection engineering. He brings deep insights from the frontlines of offensive security and blends cutting-edge research with practical detection strategies to help organizations stay ahead of evolving threats.
Session
Abstract:
What if the technology designed to protect your Windows System could be used against it?
In this session, we will delve deep into the hidden world of User Account Control (UAC) and the Component Object Model (COM), uncovering how attackers weaponize these essential security features for privilege escalation.
Join me as we pull back the curtain on the often-overlooked weaknesses within UAC and COM, revealing how a crafty adversary abuses elevated COM interfaces to bypass UAC consent prompts without user interaction, illustrated through a live demonstration and real-world examples from the prolific BlackCat ransomware.
This is not all about bad news. It also equips you with the knowledge and tools to detect, prevent, and defend against these sophisticated techniques.
Whether you’re a cybersecurity veteran or a curious newcomer, this talk promises to deepen your understanding of Windows internals and elevate your defense strategies against UAC elevated-COM bypass exploits.
Key Takeaways:
1. Intersection of COM and UAC: COM objects are used by various applications in Windows to perform tasks. Some of these objects run with elevated privileges. UAC is designed to prevent unauthorized elevation, but if a COM object is improperly configured, it can be exploited to bypass UAC.
2. Exploitation Method: This bypass typically involves identifying a vulnerable COM object that does not trigger a UAC prompt when instantiated. An attacker can execute their payload through this object, gaining elevated privileges without user consent.
3. Live Demo: Examples from the prolific BlackCat ransomware, plus skeleton code.
4. Threat Hunt Use Case: Detection Logic/Tools and actionable IOCs for UAC Bypass.