Overview
This course teaches how Device Guard, the application whitelisting feature in Windows 10, can be bypassed. Learning outcomes include understanding the internals of Device Guard, exploring new execution techniques and accidental AMSI bypasses, and learning various ways to subvert the feature in different contexts. Topics covered include VBA bypasses, the use of trusted documents, Excel macros, an alternative shellcode runner, Active Script, MSXML, and more. The teaching method is to examine the implementation of Device Guard under different contexts and to explore the Windows scripting engines. The course is intended for cybersecurity professionals, ethical hackers, penetration testers, and anyone interested in understanding advanced techniques for bypassing security features on Windows systems.
Syllabus
Introduction
What is Device Guard
VBA Bypass
Using Trusted Documents
Excel for Macros
Alternative Shellcode Runner
Active Script
Active Script Consumer
MSXML
Access Transform XML
Create Object Method
Cold Stacks
Scriptlets
Class ID
Register
Patched
Bypass
Alternative execution vectors
Detecting
Outro
Taught by
Hack in Paris