Hack.lu 2017 A view into ALPC-RPC by Clement Rouault and Thomas Imbert

The Advanced Local Procedure Call (ALPC) is an Inter-Process Communication technique widely used in recent Windows versions. One important use of ALPC is to perform Remote Procedure Calls (RPC) on the local computer. While ALPC has been scrutinized by security researchers over the past few years, its use in MS-RPC has been much less documented.

This presentation will explain the core structures and API of ALPC, then explore how RPC-over-ALPC works. Furthermore, we will describe how we looked for vulnerabilities using a full-Python implementation of a simple RPC client, soon to be released. Finally, a UAC bypass and a Local Privilege Escalation found during our research will be presented.

Bio: Clement Rouault – @hakril

Clement Rouault is a security researcher currently working at Sogeti ESEC R&D. A fervent user of Python, he is interested in the use, abuse and implementation of this language. His research interests include reverse engineering, exploitation and Windows internals.

Bio: Thomas Imbert – @masthoon

Thomas Imbert works at Sogeti ESEC R&D as a security researcher. His interests are focused on reverse engineering, virtualization, forensics, vulnerability research and exploitation. In his free time, he likes to take part in security competitions with the khack40 group.
