Yash Bharadwaj

Chief Technical Architect


Yash Bharadwaj Chief Technical Architect, CyberWarFare R&D Pvt. Ltd

Yash Bharadwaj is CTO and Senior Security Researcher at CyberWarFare Labs [Incubated by IIT Kanpur]. With 4+ years of expertise in Red Teaming, he is highly attentive to finding, learning and discovering new TTPs used during offensive engagements, and he is a Subject Matter Expert on Active Directory attacks. His areas of interest include (but are not limited to) evading AVs and EDRs, Active Directory infrastructure, and advanced Windows and cloud-based attacks. He has done various on-site and remote Red Team engagements in MNCs, government agencies, etc. Previously he has delivered hands-on red team trainings at BSIDES Ahmedabad, OWASP Seasides 19, Red & Blue Team Training at BSIDES Delhi and BSIDES Connecticut (USA), OWASP APPSEC Indonesia 20, and CISO Platform 21. He has delivered Cyber Security Trainings at Nullcon 21, Asia's largest Information Security Conference. You can reach out to him on Twitter @flopyash.

Workshop: Advanced Process Injection Techniques

This is a remote workshop.

Workshops are first-come, first-serve and have limited capacity. Some workshops may be streamed for additional passive participation.

Adversaries use process injection techniques to evade defenses and circumvent security controls in an enterprise environment, enabling them to gain privileged access and low-level persistence.

"Advanced Process Injection Techniques" is a hands-on workshop focused on giving candidates insight into the APT tactics and techniques used in the privilege escalation and persistence phases. This workshop is a quick deep-dive into the Microsoft Windows world of processes, memory and internals. There are 7 hands-on labs focused on host-level injection techniques; candidates will learn how to develop custom tradecraft that stealthily injects implants and escalates privileges.

The workshop outline is as follows:

1) PE Basics (10 minutes)
2) 7 Process Injection Labs (2 hr : 50 minutes)
- APC Code Injection (25 min)
- Module Stomping (25 min)
- Process Hollowing (15 min)
- Process Doppelganging (30 min)
- Transacted Hollowing (20 min)
- Process Herpaderping (20 min)
- Process Ghosting (10 min)

The lab content and lab material are listed here: https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop

For any feedback or clarifications, please contact yashb@cyberwarfare.live

Pre-requisites/assumed knowledge:

Intermediate to advanced level knowledge is required.

1) Familiarity with Windows internals (helpful but not mandatory)
2) PE basics (helpful but not mandatory)

Participants should prepare by:

The details are given here: https://docs.google.com/document/d/1bNrSDWy-Yc3as2ZlvB_X3XOICUjbGUaKkw9PHDvxNAo/edit

Participants must have the following equipment:

The details are given here: https://docs.google.com/document/d/1bNrSDWy-Yc3as2ZlvB_X3XOICUjbGUaKkw9PHDvxNAo/edit