Throughout our Red Team operations, we've focused our research on advancing techniques to gain direct access to physical memory and achieve execution with the highest privileges (Kernel-mode). This talk presents the current state of the art in stealthy post-exploitation, sharing innovative approaches and refined methodologies developed over recent years. Topics include: bypassing modern EDR solutions via physical memory access primitives, physical access techniques and advanced post-exploitation techniques in Windows systems. We will demonstrate how low-level access vectors often overlooked can enable persistent, undetectable control over targeted systems. The session is tailored for cybersecurity professionals interested in cutting-edge Red Team tactics and emerging hardware/software threats. Practical demos will be included, along with tools and methodologies applicable across multiple scenarios. This is a deeply technical talk, showcasing real world tradecraft and threat modeling beyond traditional offensive security.

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West
5.4K views

DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon
11.1K views

DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth
8.5K views

DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine
3.6K views

DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino
5.4K views

DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov
6.4K views