Overview
The course covers Windows Operating System Archaeology, with sections on the Component Object Model (COM), persistence hijacking, registry entries, script injection, and privilege escalation. Learning outcomes include an understanding of the course's excavation tools, methodology, and militia tactics. It also covers Mimikatz, command line logging, and Office add-ins. The teaching method combines lectures with practical demonstrations. The intended audience is cybersecurity professionals, digital forensics practitioners, and anyone interested in Windows OS security analysis.
Syllabus
Introduction
Objectives
Overview
Component Object Model
Component Object Resolution
Other Monitors
COM Object
Registration Free COM
Code
Registration Helper
Register Function
Mimikatz
Switch gears
Methodology
Excavation Tools
Militia Tactics
Persistence hijacking
Persistence tree
Registry entry
Importing entries
Evasion
Script Injection
Command Line Logging
Office Addins
Privilege Escalation
Julian's Blog
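The syllabus sections on the Component Object Model, persistence hijacking and registry entries concern the same mechanism: COM class lookups consult the per-user hive (HKCU\Software\Classes\CLSID) before the machine-wide one, so a user-writable entry for a CLSID that already exists under HKLM redirects every process that instantiates that class. The script below is an added example written for this page, not course material from the talk or its authors. It assumes (as a triage heuristic, not a rule from the page) that a per-user InprocServer32 whose target differs from the machine-wide registration of the same CLSID is worth a closer look; per-user installers also create such entries, so the output is a review list, not a verdict.

```powershell
# Added example (not part of the course): list per-user COM class registrations
# that shadow a machine-wide registration of the same CLSID.
# Assumption: a mismatch between the HKCU and HKLM InprocServer32 targets is the
# signal worth reviewing; legitimate per-user software can produce the same shape.
function Get-ShadowedComClsid {
    [CmdletBinding()]
    param()

    $userRoot    = 'HKCU:\Software\Classes\CLSID'
    $machineRoot = 'HKLM:\Software\Classes\CLSID'

    # No per-user CLSID hive at all means nothing can be shadowed for this user.
    if (-not (Test-Path $userRoot)) { return @() }

    Get-ChildItem -Path $userRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid      = $_.PSChildName
        $userServer = Join-Path $_.PSPath 'InprocServer32'

        # Only in-process servers (DLLs loaded into the caller) are considered here.
        if (-not (Test-Path $userServer)) { return }

        # The default value of InprocServer32 is the DLL path COM will load.
        $userDll = (Get-ItemProperty -Path $userServer -ErrorAction SilentlyContinue).'(default)'

        $machineServer = Join-Path $machineRoot "$clsid\InprocServer32"
        $machineDll = if (Test-Path $machineServer) {
            (Get-ItemProperty -Path $machineServer -ErrorAction SilentlyContinue).'(default)'
        } else {
            $null
        }

        # Registry values may be quoted and may contain environment variables;
        # normalise before checking whether the DLL actually exists on disk.
        $expandedUserDll = if ([string]::IsNullOrEmpty($userDll)) { $null } else {
            [Environment]::ExpandEnvironmentVariables($userDll.Trim('"'))
        }

        [PSCustomObject]@{
            CLSID      = $clsid
            UserDll    = $userDll
            MachineDll = $machineDll
            # Shadows: the per-user entry overrides an existing machine entry with a
            # different target, which is the COM hijacking shape.
            Shadows    = (-not [string]::IsNullOrEmpty($machineDll)) -and ($userDll -ne $machineDll)
            # DllMissing: the per-user target does not exist; a dangling entry is
            # either leftover from an uninstall or a path an attacker could plant.
            DllMissing = ($null -ne $expandedUserDll) -and (-not (Test-Path -LiteralPath $expandedUserDll))
        }
    } | Where-Object { $_.Shadows }
}

# Usage: run as the user whose profile is being examined; HKCU is per-user.
Get-ShadowedComClsid | Format-Table -AutoSize
```

Run the function in the context of each interactive user account, since HKCU differs per user and a hijack planted in one profile is invisible from another. Entries whose UserDll lives under the user's profile directory (AppData, Temp) or whose DllMissing flag is set deserve the first look; compare the DLL against the one in MachineDll before deciding anything.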