Windows internals are core to how the Windows operating system functions; this provides adversaries with a lucrative target for nefarious use. Windows internals can be used to hide and execute code, evade detections, and chain with other techniques or exploits.
The term Windows internals can encapsulate any component found on the back-end of the Windows operating system. This can include processes, file formats, COM (Component Object Model), task scheduling, I/O System, etc. This room will focus on abusing and exploiting processes and their components, DLLs (Dynamic Link Libraries), and the PE (Portable Executable) format.
Learning Objectives
- Understand how internal components are vulnerable
- Learn how to abuse and exploit Windows Internals vulnerabilities
- Understand mitigations and detections for the techniques
- Apply techniques learned to a real-world adversary case study
Before beginning this room, familiarize yourself with basic Windows usage and functionality. We recommend completing the Windows Internals room. Basic programming knowledge in C++ and is also recommended but not required.
We have provided a base Windows machine with the files needed to complete this room. You can access the machine in-browser or through using the credentials below.
- Machine IP: MACHINE_IP
- Username: THM-Attacker
- Password: Tryhackme!
This is going to be a lot of information. Please buckle your seatbelts and locate your nearest fire extinguisher.
Don’t forget to tip your on the way out!
Start the provided machine and move on to the next tasks.
