Stan Hegt


Talk Title:

COMpromise: remote code execution in Windows development environments


In this talk we will demonstrate how compiling, reverse engineering or even just viewing source code can lead to compromise of a developer’s workstation. With the emergence of code sharing platforms such as GitHub, it has become common practice to download and view potentially untrusted code. However, due to the way in which integrated development environments for Windows interact with code and the Component Object Model (COM), such behavior can be exploited by attackers to achieve remote code execution. Our research presents full and practical exploit chains for Visual Studio that demonstrate that opening (not running!) code is dangerous. Expect a journey into COM, type libraries and the inner workings of Visual Studio.


Stan has been working in the infosec industry for over a decade. He now is a member of Outflank, a Dutch team with a strong focus on red teaming and adversary simulation. His passion is hacking the internals of Microsoft technologies such as Windows, .NET, COM and MS Office. Stan has presented his research at various leading conferences including Black Hat, Derbycon and Troopers.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved