In this presentation, I will start from a historical bug analysis, then share the methodology of how I started this work with minimal knowledge, as a web security researcher who knew little about Windows internals.
I will explain the inner workings of this technique: how I analyzed Advanced Local Procedure Call (ALPC), found new attack surfaces, and did some hot patches to make Process Monitor a command-line tool that detects sensitive operations, then combined them into a system that can discover file privilege escalation bugs automatically.
By: Wenxu Wu
Full Abstract & Presentation Materials: https://www.blackhat.com/us-19/briefings/schedule/#battle-of-windows-service-a-silver-bullet-to-discover-file-privilege-escalation-bugs-automatically-14688