2019 National Cyber Summit

Summit Speaker Shawn Edwards

Session Information

Exploiting COM for Advanced Persistence
Thursday, June 6, 2019 2:15 p.m. - 3:00 p.m.
Through the built-in Windows API, it is possible to establish persistence within a network on bootup and/or execution of almost any program through COM hijacking. While many industries focus on STIG-like security measures or compliance for security, abusing flaws in Windows that will likely never be mitigated is the focus of this presentation. We will step through various methods including local and remote versions of how this exploitation works as well as techniques to hide it within a system. Also, we will also cover ways to bypass UAC protections through COM that Microsoft publicly stated they will not fix.
Sean Hopkins photo
Sean Hopkins
Red Team Security Engineer
Millennium Corporation
Sean is an active member of the security community, and by day he is a red team operator, and breaker of things. His focus within security include finding new ways of abusing COM, alternate persistence techniques, experimenting with undocumented Windows API structures, a little exploitation development, and all things C#. Sean’s professional career has spanned from web hosting, penetration testing, auditing, network administration, compliance, and now red team operations.
Shawn Edwards photo
Shawn Edwards
Cyber Adversarial Engineer
The MITRE Corporation
Shawn Edwards is a Cyber Adversarial Engineer for the MITRE Corporation. He began his career at the Parsons Corporation, where he worked in software development and IT configuration management in support of the DoD. After being accepted to the SFS: CyberCorps program at the University of Alabama in Huntsville, he resumed his education and obtained a Bachelors of Computer Science with a focus in Cyber Security. In the meantime, he performed security research on a rapid prototyping and development team at MITRE, and interned on a DoD red team in support of their cyber operations and tool-building efforts. Shawn has recently rejoined MITRE, where he is assisting with adversary emulation research and development. In his downtime, he enjoys hiking, watching British comedy, brewing mead, writing offensive C# tools, and searching for new ways to abuse "features" of the Windows operating system.

Meet Our NCS 2019 Speakers

Jocquette Blue Photo Jocquette Blue Senior Cybersecurity Analyst H2L Solutions
Paige Boshell Photo Paige Boshell Managing Member Privacy Counsel LLC
Wayne Burke Photo Wayne Burke Vice President and Co-Founder Cyber2 Labs, LLC
Paul Coggin Photo Paul Coggin Cyber Security Research Scientist Financial Institution
Brian Contos Photo Brian Contos CISO Verodin
Randall Cottrell Photo Randall Cottrell Chief Executive Officer Bluejireh Incorporated
Joshua Crumbaugh Photo Joshua Crumbaugh Chief Hacker/Chief Operating Officer PeopleSec® LLC
Ben Curry Photo Ben Curry Chief Architect, Managing Partner Summit 7 Systems
Robert Decicco Photo Robert Decicco MD Digital Intelligence
Byron DeLoach Photo Byron DeLoach Director of Adaptive Services Cybriant
Nicholas Downer Photo Nicholas Downer Systems Security Engineer/Instructor Millennium
Major Bradley Eames Photo Major Bradley Eames 47CTS OL-A Deputy Commander 47 Cyberspace Test Squadron
Rita Edwards Photo Rita Edwards Featured Cyber Security Instructor CyberProtex
Mr. Scott Edwards Photo Mr. Scott Edwards President Summit 7 Systems
Shawn Edwards Photo Shawn Edwards Cyber Adversarial Engineer The MITRE Corporation
Irene Garcia-Goan Photo Irene Garcia-Goan Sr. Cybersecurity Analyst H2L Solutions
Travis Green Photo Travis Green
Jonathan Hard Photo Jonathan Hard Chief Operating Office and President H2L Solutions
Matt Henson Photo Matt Henson CEO Trade Collaboration Engine
Sean Hopkins Photo Sean Hopkins Red Team Security Engineer Millennium Corporation
Dr. DJ Hovermale Photo Dr. DJ Hovermale Senior Cyber Operations Training Analyst, Principal SAIC
Dr. Michaela Iorga Photo Dr. Michaela Iorga Senior Security Technical Lead NIST
Ray Kelly Photo Ray Kelly Security Architect Micro Focus
Ben McGee Photo Ben McGee CyberProtex Featured Cyber Security Instructor
Dr. Wesley McGrew Photo Dr. Wesley McGrew Director of Cyber Operations HORNE Cyber
Charlene Mowery CISM, PE Photo Charlene Mowery CISM, PE Vice President of Global Business and Marketing, Cybersecurity SME Ultra Electronics, 3eTI
Ms. Sonia Mundra Photo Ms. Sonia Mundra President Chenega Analytic Business Solutions, LLC (CABS)
Michael Portera Photo Michael Portera Red Team Security Engineer Millennium Corporation
Jonathan Risto Photo Jonathan Risto
Robert Rounsavall Photo Robert Rounsavall Co Founder Trapezoid, Inc.
Kell Rozman Photo Kell Rozman Security Software Engineering Senior Manager Toyota Motor North America
Antonio (Tony) Rucci Photo Antonio (Tony) Rucci Director, InfoSec & Threat Intelligence GRIDSMART Technologies
Greg Schaffer Photo Greg Schaffer Principal vCISO Services, LLC
Jake Schneider Photo Jake Schneider Director of Cyber Technologies GaN Corporation
Winn Schwartau Photo Winn Schwartau Chief Visionary Officer Winn Schwartau LLC
Jeffrey Shapiro Photo Jeffrey Shapiro Senior Cyber Operations Training Analyst, Principal SAIC
Dr. Joshua Stroschein Photo Dr. Joshua Stroschein Training and Academic Outreach Open Information Security Foundation
Trevor Vaughan Photo Trevor Vaughan Vice President Engineering Onyx Point, Inc.
Dr. Brad Wardman Photo Dr. Brad Wardman Head of Threat Intelligence PayPal
Mark Whigham Photo Mark Whigham Instructor Calhoun Community College
Mr. Wes Widner III Photo Mr. Wes Widner III Senior Cloud Engineer CrowdStrike
Shirley Zhao Photo Shirley Zhao Principal Program Manager, Product Security Compliance and Governance Blackberry

View AgendaView Speaker Listing

Attend NCS 2019 to meet and hear speakers like this!

Register Now