2020 National Cyber Summit

Summit Speaker Sean Hopkins

Session Information

Exploiting COM for Advanced Persistence
Thursday, June 6, 2019 2:15 p.m. - 3:00 p.m.
Through the built-in Windows API, it is possible to establish persistence within a network on bootup and/or execution of almost any program through COM hijacking. While many industries focus on STIG-like security measures or compliance for security, abusing flaws in Windows that will likely never be mitigated is the focus of this presentation. We will step through various methods, including local and remote versions of how this exploitation works, as well as techniques to hide it within a system. We will also cover ways to bypass UAC protections through COM that Microsoft publicly stated they will not fix.
Von Braun Center - North Hall | Salon 3
Shawn Edwards
Cyber Adversarial Engineer
The MITRE Corporation
Shawn Edwards is a Cyber Adversarial Engineer for the MITRE Corporation. He began his career at the Parsons Corporation, where he worked in software development and IT configuration management in support of the DoD. After being accepted to the SFS: CyberCorps program at the University of Alabama in Huntsville, he resumed his education and obtained a Bachelors of Computer Science with a focus in Cyber Security. In the meantime, he performed security research on a rapid prototyping and development team at MITRE, and interned on a DoD red team in support of their cyber operations and tool-building efforts. Shawn has recently rejoined MITRE, where he is assisting with adversary emulation research and development. In his downtime, he enjoys hiking, watching British comedy, brewing mead, writing offensive C# tools, and searching for new ways to abuse "features" of the Windows operating system.
Sean Hopkins
Red Team Security Engineer
Millennium Corporation
Sean is an active member of the security community, and by day he is a red team operator and breaker of things. His focus areas within security include finding new ways of abusing COM, alternate persistence techniques, experimenting with undocumented Windows API structures, a little exploitation development, and all things C#. Sean’s professional career has spanned web hosting, penetration testing, auditing, network administration, compliance, and now red team operations.