I'm publishing some
research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html …
-
Show this thread
-
Here's a repository of all the code and tools I developed to explore this attack surface.https://github.com/taviso/ctftool
16 replies 268 retweets 799 likesShow this thread -
Replying to @taviso
works if I can write to "C:\Windows\TEMP", but at that point I am already administrator/elevated account. I can maybe use this to elevate without detection
#redteampic.twitter.com/1x4fQxY0VL
1 reply 0 retweets 0 likes
Replying to @haxorhead
It doesn't require Administrator, just run it as a standard user.
10:05 AM - 15 Aug 2019
1 reply
0 retweets
1 like
-
Show additional replies, including those that may contain offensive content
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.