DLL Injection
DLL injection is a technique which allows an attacker to run arbitrary code in the context of the address space of another process. If this process is running with excessive privileges then it could be...
Secondary Logon Handle
Secondary logon is a Windows service that allows administrators to authenticate and perform administrative tasks with a non-administrator account. However, this service fails to sanitize handles during...
Hot Potato
Hot Potato is the code name of a Windows privilege escalation technique that was discovered by Stephen Breen. This technique is actually a combination of two known Windows issues like NBNS spoofing...
Stored Credentials
When an attacker has managed to gain access to a system, one of the first moves is to search the entire system in order to discover credentials for the local administrator account, which will allow...
Windows Kernel Exploits
Windows is by default exposed to several vulnerabilities that could allow an attacker to execute malicious code in order to abuse a system. On the other hand, patching systems sufficiently is one...
Intel SYSRET
This vulnerability allows an attacker to execute code in the kernel (ring 0) due to the difference in implementation between AMD and Intel processors. For example, an operating system that is written...
SUID Executables
SUID (Set User ID) is a type of permission which is given to a file and allows users to execute the file with the permissions of its owner. There are plenty of reasons why a Linux binary can have this...
Universal Privilege Escalation and Persistence – Printer
The Print Spooler is responsible for managing and processing printer jobs. It runs as a service with SYSTEM-level privileges in Windows environments. Abuse of…
HiveNightmare
The Security Account Manager (SAM) file contains the password hashes of the users on a Windows system. Since it is considered a sensitive file SYSTEM…
Resource Based Constrained Delegation
Microsoft, in an attempt to provide more flexibility to domain users, enabled owners of resources to configure which accounts are trusted and allowed to delegate…