Dylan Tran, MCTTP

Adversary Simulation at IBM X-Force Red, @d_tranman

Talks & Q&A

Conference | Sep 18

COM to the Dark Side

Stealthy lateral movement, session manipulation, and credential theft using novel COM and DCOM techniques.

Description

The Component Object Model (COM) is a widely used Windows technology, yet its complexity conceals untapped potential for offensive security. This talk presents novel red team techniques that abuse COM and Distributed COM (DCOM) objects to enable stealthy lateral movement, session manipulation, and credential theft.


We will uncover new attack surfaces and primitives that leverage COM for unconventional cross-session privilege escalation, coercion, and lateral movement. These methods achieve effects comparable to heavily detected techniques while evading endpoint security defenses.


Attendees will leave with a deeper understanding of COM/DCOM attack vectors, practical research opportunities, and actionable defensive strategies to counter these threats.


Why the committee chose this talk

With Microsoft still supporting all old APIs in on-premises installations, the security of these is a major concern.