Training Abstract
With growing usage of desktop applications in various segments like aviation, healthcare, public infrastructure, logistics, finance, education, hospitality and many more in the form of kiosk/un-attended systems in public, it opens scope of information and network security. Also with change in way of work getting flexible from home due to Covid-19, this increases the responsibilities of enterprises to have their systems run safely using multiple endpoint protection tools like DLP/EDR/KIOSK/PAM etc.
In addition, when KIOSK apps are integrated with smart AI solutions, it becomes pivotal in compromising the systems. This training course would target such areas where systems are secured via hardening using Windows/3rd party tools and how we can evade hardening to gain unrestricted system access. After having system access trying to elevate privilege within the Windows system.
Learning these techniques would help in pentest, designing tools securely which can be used in commercial products or enterprise systems.
What to expect: More than 20 hands-on labs across 2 days. Prepare your VM to practice those during the workshop.
Training Outline
- Setting up OS Hardening with custom scripts, which would demonstrate what changes are made so that participants can visualize their scope
- Learning core concepts like Reg/filesystem permissions, user roles & privileges, process inheritance, cross ownership, etc. and getting familiar with commands used during the entire session
- Windows 11 KIOSK Bypass techniques to access restricted windows components like creds. manager, certificate store, registry, filesystem, etc.
- Group policies and Registry restriction bypass
- Various techniques to access command prompt / PowerShell when blocked via sys. admin in Windows 11
- Accessing restricted Control Panel components in Windows 11
- Working with deploying multiple 3rd party KIOSK/Hardening endpoint protection apps and exploiting multiple vulnerabilities which undergone CVD
- Creating Shell Explorer by self and designing KIOSK to understand the nature of Winlogon while hardening
- bcdedit, insecure boot to evade DLP/EP software/KIOSK
- Techniques via which DLP can be bypassed being non-admin standard user or admin user, leaving no traces
- Gaining command execution via compiling binaries, using other platform binaries, extension precedence rule, shortcuts, task scheduler, ActiveXObject, etc.
- Creating reverse shell executables and managing remote connections for persistence
- Introduction to Architecture of Smart AI Kiosk and comparison with Vanilla Kiosk architecture
- Frameworks for Navigating Security Challenges in AI systems
- Tactics and Techniques in Adversarial Prompting
- Controlled Intelligence: Guardrails in Action
- Overview of Intelligent agents in Smart AI Kiosk and leveraging that for evasion
- Multiple Applocker restriction rules and various bypass techniques
- Understanding design restrictions for Administrator vs System, followed by leveraging multiple techniques to gain system privilege and get execution of restricted components
- Using ReactOS to evade signature based application restriction
- Understanding UAC and identifying various bypass techniques
- Various techniques to uninstall security providing EPM application (e.g. antivirus, DLP, remote administration, etc.) in restricted environment
- Post bypassing OS Hardening: various techniques of Privilege escalation like extension precedence, misconfigured service parameters, token priv., DLL preloading, unquoted service path, cmdkey, tasks, Reg hive dump, always elevated, startup, etc.
- Practice and summarize all items learnt
Who Should Take This Training
This training is designed for the following security professionals:
- Penetration testers looking to expand their skillset into kiosk and hardened endpoint assessments
- Security architects or developers who want security by design in their products and kiosk deployments
- Windows system administrators responsible for securing enterprise endpoints and kiosk infrastructure
- Security professionals from IT security teams working with DLP, EDR, and endpoint hardening solutions
- Anyone building or deploying kiosk/unattended systems in public-facing environments
Who Would Not Be a Good Fit
This training may not be suitable for:
- People focusing on any other OS apart from Windows
- People looking for Network Assessments or core anti-virus evasion techniques
- Those interested primarily in Fuzzing or Kernel exploitation
- Anyone without basic Windows OS familiarity
Audience Level
Beginner to Intermediate. You should have:
- Basic knowledge of how Windows OS works (file system, registry, services, user accounts)
- Familiarity with Virtual Machines and how to set them up
- Scripting/programming knowledge is NOT required, though a few small scripts will be used during the session
Student Requirements
Please prepare the following before the training:
- Windows 11 Enterprise 64-bit Evaluation VirtualBox VM (use Microsoft Eval Center if you do not have a license)
- Free Google and/or Twitter X account for interacting with AI models during Day 2 labs
- Stable internet connection (required for both trainer and participants)
- Additional tools list will be shared to registered participants before the training
- Laptop with sufficient RAM and disk space to run VirtualBox VMs smoothly
Meet the Trainers
Kartik Lalan
Product Security Architect at Security Centre of Excellence, Philips Innovation Campus. He holds an M.Tech. in Computer Science with Specialization in Information & Network Security.
Kartik conducts frequent talks and workshops on InfoSec topics at several notable conferences and community events including C0C0N, Nullcon, DEF CON Blue and Hardware Villages, OWASP AppSec Days, BSides Delhi and Bangalore chapters, DroidCon-IN, and other community meetups. Kartik loves to write technical blogs in his leisure time.
Aravind C Ajayan
Product Security Architect with Philips and is part of the Security Centre of Excellence team. Aravind's primary areas of expertise are web/thick client application penetration testing, hardened system security, network security, and Windows Active Directory security.
He has helped to fix severe issues in IMS (Internet Management Software) solutions through responsible disclosures. Aravind pursued his master's in Cyber Security Systems and Networks from Amrita Vishwa Vidyapeetham, Coimbatore. He is an Offensive Security Certified Professional (OSCP) and has published several research papers on security in IEEE and Springer.