A view into ALPC-RPC
by Clement Rouault and Thomas Imbert
The Advanced Local Procedure Call (ALPC) is an inter-process communication mechanism widely used in current Windows versions. One important use of ALPC is to perform Remote Procedure Calls (RPC) on the local computer. While ALPC has been scrutinized by security researchers in the last few years, its use within MS-RPC has been less documented.
This presentation will explain the core structures and APIs of ALPC, then explore how RPC-over-ALPC works. Furthermore, we will describe how we looked for vulnerabilities using a full-Python implementation of a simple RPC client, soon to be released. Finally, a UAC bypass and a Local Privilege Escalation found during our research will be presented.
Bio: Clement Rouault – @hakril
Clement Rouault is a security researcher currently working at Sogeti ESEC R&D. A fervent user of Python, he is interested in the use, abuse and implementation of this language. His research interests include reverse engineering, exploitation and Windows internals.
Bio: Thomas Imbert – @masthoon
Thomas Imbert works at Sogeti ESEC R&D as a security researcher. His interests are focused on reverse engineering, virtualization, forensics, vulnerability research and exploitation. In his free time, he likes to take part in security competitions with the khack40 team.