Getting secrets in Windows OS is becoming more difficult every year with modern EDRs watching every move. This talk will present a new way to extract user credentials on the fly without writing to disk, accessing LSASS, triggering EDR, and even without SYSTEM privileges.
The speaker will discuss the registry and what it looks like in user space and kernel space as well as how it can be accessed using the Native API with minimal permissions.
The presentation will delve into the architecture of LSA and its databases, as well as how modern EDRs monitor access to the registry and what techniques exist to bypass these security mechanisms.
The talk will be perfect for anyone looking to sharpen their offensive or defensive skills in Windows.
SPEAKERS
Haidar Kabibo
Application Security Specialist, Assume Birch Team
Haidar is a security researcher working as a middle application security specialist. His interests include Windows internals, communication systems, network protocols, and industrial infrastructure.