BSides Oslo 2019

May 23rd, 2019 at MESH

Finding Privilege Escalation with Procmon

Time: 14:00
Length: 45 minutes
Recording: https://www.youtube.com/watch?v=s-Vdt2-kZPc

Process Monitor (procmon) is a powerful tool for observing the behavior of Windows systems. With little configuration, procmon can be used to find bugs that allow privilege escalation as long as you know what to look for and where. This talk will demonstrate the process that Vetle has used to find zero-day vulnerabilities with procmon.

Speaker:

Vetle Økland

Vetle is a pentester and developer at Nagarro and likes to spend time doing vulnerability research and exploit development. He is new to the professional field, with a background as an independent developer of web and mobile applications.