COM Hijacking (Persistence)
In this video we'll be exploring how to attack, detect and defend against COM Hijacking. Component Object Model is a fundamental part of Windows and there are several different ways it can be abused by attackers to achieve a persistence mechanism – many of which are tricky to spot unless you know where to look.

If you find the video useful please do give it a like, and consider subscribing if you want more of this sort of content. Drop a note in the comments if there's anything you think I missed, or if you have a good idea of what topic I should cover next.

Further reading/watching:

MITRE ATT&CK on COM Hijacking: https://attack.mitre.org/techniques/T1546/015/
Microsoft documentation on Component Object Model: https://docs.microsoft.com/en-us/windows/win32/com/the-component-object-model
C++ Reverse Shell by dev-frog: https://github.com/dev-frog/C-Reverse-Shell
COMProxy by Leo Loobeck: https://github.com/leoloobeek/COMProxy/
COM Hijacking presentation from Derbycon 2019 by David Tulis of NCC Group:
* Slides: https://www.slideshare.net/DavidTulis1/com-hijacking-techniques-derbycon-2019
* Presentation: https://www.youtube.com/watch?v=pH14BvUiTLY
* Code Repo: https://github.com/nccgroup/acCOMplice
PenTestLab blog on COM Hijacking: https://pentestlab.blog/2020/05/20/persistence-com-hijacking/

Audio Credits (licensed under CC0):
Intro/Outro Music by Flavio Concini (https://freesound.org/people/Greek555/)
Transition audio: "Ethereal Woosh" by Newagesoup (https://freesound.org/people/newagesoup/)

Timestamps:
0:00 Intro
3:19 Attack
9:22 Detect
10:34 Defend