Priv2Admin

This repository, Priv2Admin, is an exploitation path that allows users to misuse Windows privileges to elevate their rights within the OS. The repository lists various Windows privileges and their corresponding impact, tools, execution paths, and remarks. The privileges include...

FF Sandbox Escape (CVE-2020-12388)

By James Forshaw, Project Zero In my previous blog post I discussed an issue with the Windows Kernel’s handling of Restricted Tokens which allowed me to escape the Chrome GPU sandbox. Originally I’d planned to use Firefox for the proof-of-concept as Firefox uses the same effective sandbox level a...

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection Microsoft Defender ATP. It’s not without challenges, but the deep integration of Windows...

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user process to bypass access checks for trust labels...