c0c0n 2026

c0c0n is a 19 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Venue & Date

Contact Us

  • Home
  • Trainings
  • Weaponizing Defense: Attacking Windows 11 Kiosks Using Enterprise Hardening Solutions

Weaponizing Defense: Attacking Windows 11 Kiosks Using Enterprise Hardening Solutions

c0c0n 3-Day Professional Training

Weaponizing Defense: Attacking Windows 11 Kiosks Using Enterprise Hardening Solutions

Abstract

With growing usage of desktop applications in various segments like aviation, healthcare, public infrastructure, logistics, finance, education, hospitality and many more in the form of kiosk / un-attended systems in public, it opens scope of information & network security using multiple endpoint protection tools like DLP/EDR/KIOSK/PAM etc. In addition, when KIOSK apps are integrated with smart AI solutions, it becomes pivotal in compromising the systems. This training course would target such areas where systems are secured via hardening using Windows/3rd party tools and how we can evade hardening to gain unrestricted system access. After having system access trying to elevate privilege within the Windows system.

Learning these techniques would help in pentest, designing tools securely which can be used in commercial products or enterprise systems.

Course Content


Day 1
  • Setting up OS Hardening with custom scripts, which would demonstrate what changes are made so that participants can visualize their scope.
  • Learning core concepts like Reg/filesystem permissions, user roles & privileges, process inheritance, cross ownership, etc.& getting familiar with commands which would be used during the entire session.
  • Win11 KIOSK Bypass techniques to access restricted windows components like creds. manager, certificate store, registry, filesystem, etc.
  • Group policies and Registry restriction bypass
  • Various techniques to access command prompt / powershell when blocked via sys. Admin in Win11
  • Accessing restricted Control Panel components in Win11
  • Working with deploying multiple 3rd party KIOSK/Hardening endpoint protection apps. And exploiting multiple vulnerabilities which underwent CVD.
  • Creating Shell Explorer by self and designing KIOSK to understand the nature of Winlogon while hardening.
  • bcdedit, insecure boot to evade DLP/EP software/KIOSK
  • Few techniques via which DLP can be bypassed being non-admin standard user or admin user, leaving no traces.
  • Gaining Command execution via compiling binaries, using other platform binaries, extension precedence rule, shortcuts, task scheduler, ActiveXObject, etc..
  • Creating reverse shell executables and managing remote connections for persistence.
Day 2
  • Multiple Applocker restriction rules and various bypass techniques
  • Understanding design restrictions for Administrator vs System, followed by leveraging multiple techniques to gain system privilege and get execution of restricted components.
  • Writing rules to Allow list of apps via directory – path – signature. And bypassing all those 3 techniques.
  • Using ReactOS to evade signature based app restriction
  • Understanding UAC & identifying various bypass techniques
  • Understanding Windows controlled folder access and it’s misconfigurations
  • Various techniques to uninstall security providing EPM application (e.g. antivirus, DLP, remote administration, etc.) in restricted environment
  • Gaining access to admin via exploiting various EPM apps
Day 3
  • Introduction to Smart AI Kiosks and usage scenarios
  • Architecture of Smart AI Kiosk & comparison with Vanilla Kiosk architecture
  • Identifying attack surfaces and fingerprinting
  • Frameworks for Navigating Security Challenges in AI systems
  • Tactics and Techniques in Adversarial Prompting
  • With various examples Squeezing out valuable information from the target
  • Controlled Intelligence: Guardrails in Action
  • Overview of Intelligent agents in Smart AI Kiosk and leveraging that for evasion
  • Post bypassing OS Hardening various techniques of Privilege escalation like extension precedence, misconfigured service parameters, token priv., dll preloading, unquoted service path, cmdkey, tasks, Reg hive dump, always elevated, startup, etc.
  • Practice & summarize all items learnt
Student Requirement:
  • Basic Knowledge of how Windows OS & Virtual Machines works
  • Although there would be few small scripts used during the session, it's completely fine if you do not have scripting/programming knowledge.
  • Windows 11 Enterprise 64bit Evaluation VirtualBox VM (If you do not have license make use of -use https://www.microsoft.com/en-in/evalcenter/evaluate-windows-11-enterprise)
  • Free Google/Twitter X account for AI models
  • List of other tools would be shared to participants
Who should take this training:

Who should take this training: Pentesters, Security architects or developers who want to have security by design in their products, Windows administrators, security professionals from IT security.

Who would not be a good fit for this training:

People focusing on any other OS apart from Windows, People Looking for Network Assessments/core Anti-virus evasion/Fuzzing/Kernel exploitation.

What to expect:

More than 20 hands-on labs, so prepare VM to practice those during the workshop.

Trainer(s)

Kartik Lalan

Kartik Lalan

Security Architect
PIC (Independent)

Aravind C Ajayan

Aravind C Ajayan

Security Architect
PIC (Independent)

Training Information

  • Duration 3 Day Training
  • Dates 11th Oct, 2026 to 13th Oct, 2026
  • Time 09:30 IST - 17:30 IST
  • Venue Grand Hyatt, Bolgatty, Kochi, Kerala
  • Level Beginner to Intermediate

Trainings

Oct 6–8 Pre-Conference
T1
Hook, Line, and Sinker: Exploring the Phishing Abyss
T2
Applied Infrastructure Security Assessment
T3
Creating Custom Tooling for Offensive Security after 2025 - Beyond Autopilot Pentesting
T4
Operational Open Source Intelligence (OSINT), From Online Data to Real-World Impact.
T5
AI Security Engineering Masterclass
T6
Practical AI Security: Attacking and Defending LLMs, Agents and MCP
T7
Practical Fuzzing: A Hands-On Learning Experience for Uncovering Vulnerabilities on Linux
T8
Attacking and Defending GitHub CI CD Pipelines
T9
Threat Tradecraft: Infrastructure Hunting & Malware Analysis
T10
Telecom Network Exploitation: Pentesting Across 4G/5G Stacks
T11
Hacking Android, iOS and IoT apps by Example - 2026 Edition
T12
Multi-Cloud Security (AWS, Azure, GCP) - AI Edition
T13
Red Team: Identity Exploitation & Nation-State Implant Tradecraft
T20
Invite Only (For Law Enforcement)
Oct 11–13 Post-Conference
T14
Hack the IoT
T15
Automotive Security in Practice: Exploitation, Risk Assessment & CAN IDS!
T16
HuntOps: From Telemetry to Adversary Detection
T17
HackTheWeb: Pentest Smarter with AI
T18
Weaponizing Defense: Attacking Windows 11 Kiosks Using Enterprise Hardening Solutions
T19
The Art of Finding Bugs: Advanced Techniques in Vulnerability & 0-Day Research

Register Now