BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.securitybsides.org.uk//bsides-london-2024//talk//N3Z
 G7S
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-london-2024-N3ZG7S@cfp.securitybsides.org.uk
DTSTART;TZID=GMT:20241214T105500
DTEND;TZID=GMT:20241214T111000
DESCRIPTION:Abstract:\nWhat if the technology designed to protect your Wind
 ows system could be used against it?\nIn this session\, we will delve de
 ep into the hidden world of User Account Control (UAC) and Component Ob
 ject Model (COM)\, uncovering how attackers can weaponize these essenti
 al security features for privilege escalation.\nJoin me as we pull bac
 k the curtain on the often-overlooked vulnerabilities within UAC and C
 OM\, revealing how a crafty adversary exploits elevated COM interfaces t
 o bypass UAC consent prompts without user interaction through a live d
 emonstration and real-world examples from prolific ransomware (BlackC
 at).\nThis is not all bad news. It also equips you with the knowledge a
 nd tools to detect\, prevent\, and defend against these sophisticated te
 chniques.\nWhether you’re a cybersecurity veteran or a curious newc
 omer\, this talk promises to deepen your understanding of Windows int
 ernals and elevate your defense strategies against UAC Elevated COM-By
 pass exploits.\n
 \nKey Takeaways:\n1.	Intersection of COM and UAC: COM objects are used by 
 various applications in Windows to perform tasks. Some of these objects ru
 n with elevated privileges. UAC is designed to prevent unauthorized elevat
 ion\, but if a COM object is improperly configured\, it can be exploited t
 o bypass UAC.\n2.	Exploitation Method: This bypass typically involves iden
 tifying a vulnerable COM object that does not trigger a UAC prompt when in
 stantiated. An attacker can execute their payload through this object\, ga
 ining elevated privileges without user consent.\n3.	Live Demo: Examples fr
 om prolific Ransomware\, BlackCat\, and skeleton code.\n4.	Threat Hunt Use
  Case: Detection Logic/Tools and actionable IOCs for UAC Bypass.
DTSTAMP:20260611T002639Z
LOCATION:Rookie track 1
SUMMARY:Commanding Heights: Unmasking COM-Based UAC Bypass Techniques. - Am
 ankumar Badhel
URL:https://cfp.securitybsides.org.uk/bsides-london-2024/talk/N3ZG7S/
END:VEVENT
END:VCALENDAR
