UAC bypass - DLL hijacking
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.
https://github.com/SecuProject/DLLHijackingScanner
#uac #bypass #dll #hijacking
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.
https://github.com/SecuProject/DLLHijackingScanner
#uac #bypass #dll #hijacking
ShadowMove Pivot Technique
ShadowMove is a novel technique to hijack sockets from non-cooperative processes. It is described in the paper ShadowMove: A Stealthy Lateral Movement Strategy presented at USENIX ‘20. This technique takes advantage of the fact that AFD (Ancillary Function Driver) file handles are treated as socket handles by Windows APIs, so it is possible to duplicate them with
https://adepts.of0x.cc/shadowmove-hijack-socket/
#shadowmove #hijacking #socket #redteam
ShadowMove is a novel technique to hijack sockets from non-cooperative processes. It is described in the paper ShadowMove: A Stealthy Lateral Movement Strategy presented at USENIX ‘20. This technique takes advantage of the fact that AFD (Ancillary Function Driver) file handles are treated as socket handles by Windows APIs, so it is possible to duplicate them with
WSADuplicateSocket().https://adepts.of0x.cc/shadowmove-hijack-socket/
#shadowmove #hijacking #socket #redteam
📌 Save the Environment
Many applications appear to rely on Environment Variables such as
By changing these variables on process level, it is possible to let a legitimate program load arbitrary DLLs.
Research:
https://www.wietzebeukema.nl/blog/save-the-environment-variables
Source Code:
https://github.com/wietze/windows-dll-env-hijacking
#maldev #dll #hijacking #environment
Many applications appear to rely on Environment Variables such as
%SYSTEMROOT% to load DLLs from protected locations. By changing these variables on process level, it is possible to let a legitimate program load arbitrary DLLs.
Research:
https://www.wietzebeukema.nl/blog/save-the-environment-variables
Source Code:
https://github.com/wietze/windows-dll-env-hijacking
#maldev #dll #hijacking #environment
👍9
🔑 KeePass2: DLL Hijacking and Hooking API
This new article about a way to get the Master Password of a KeePass database.
https://skr1x.github.io/keepass-dll-hijacking/
#keepass #dll #hijacking #redteam
This new article about a way to get the Master Password of a KeePass database.
https://skr1x.github.io/keepass-dll-hijacking/
#keepass #dll #hijacking #redteam
👍8😁1
🚀 Elevating Privileges in Windows via Activation Cache Poisoning
A deep dive into CVE-2024-6769, which leverages two chained bugs to escalate privileges from medium to high integrity. The first stage involves remapping the root drive, followed by a DLL hijacking exploit. The second stage poisons the Activation Cache through the CSRSS process to gain full administrator access.
🔗 Research:
https://www.coresecurity.com/core-labs/articles/cve-2024-6769-poisoning-activation-cache-elevate-medium-high-integrity
🔗 Source:
https://github.com/fortra/CVE-2024-6769
#windows #privesc #dll #hijacking
A deep dive into CVE-2024-6769, which leverages two chained bugs to escalate privileges from medium to high integrity. The first stage involves remapping the root drive, followed by a DLL hijacking exploit. The second stage poisons the Activation Cache through the CSRSS process to gain full administrator access.
🔗 Research:
https://www.coresecurity.com/core-labs/articles/cve-2024-6769-poisoning-activation-cache-elevate-medium-high-integrity
🔗 Source:
https://github.com/fortra/CVE-2024-6769
#windows #privesc #dll #hijacking
10🔥10👍4❤🔥1