
21 matches found

Packet Storm
added 2026/02/04 12:0 a.m. | 140 views

📄 Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass

This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...

5.5 AI score
Exploits: 0
Gitee
added 2025/07/06 2:31 a.m. | 85 views

Exploit for CVE-2020-1472

ZeroLogon exploitation script Exploit code based on https://www.secura.com/blog/zero-logon and https://github.com/SecuraBV/CVE-2020-1472. Original research and scanner by Secura, modifications by RiskSense Inc. To exploit, clear out any previous Impacket installs you have and install Impacket fro...

10 CVSS | 8.2 AI score | 0.99512 EPSS
Exploits: 75
GoogleProjectZero
added 2024/04/18 12:0 a.m. | 24 views

The Windows Registry Adventure #2: A brief history of the feature

Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...

6.3 AI score
Exploits: 0
ICS
added 2021/12/06 12:0 p.m. | 65 views

APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts...

9.8 CVSS | 9.6 AI score | 0.93514 EPSS
Exploits: 6 | References: 37
ICS
added 2021/11/22 12:0 p.m. | 49 views

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the...

9.8 CVSS | 9.8 AI score | 0.9896 EPSS
Exploits: 8 | References: 39
ThreatPost
added 2021/09/16 9:9 p.m. | 131 views

CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug

The FBI, CISA and the U.S. Coast Guard Cyber Command CGCYBER warned today that state-backed advanced persistent threat APT actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is...

9.8 CVSS | 10 AI score | 0.9896 EPSS
Exploits: 8 | References: 10
GithubExploit
added 2021/07/25 12:31 a.m. | 123 views

Exploit for CVE-2021-36934

PyNightmare PoC for CVE-2021-36934 Aka HiveNightmare/SeriousSA...

7.8 CVSS | 8.8 AI score | 0.67252 EPSS
Exploits: 11
GithubExploit
added 2021/07/22 3:7 a.m. | 133 views

Exploit for CVE-2021-36934

Invoke-HiveNightmare PowerShell-based PoC for CVE-2021-36934,...

7.8 CVSS | 9.1 AI score | 0.67252 EPSS
Exploits: 11
Kitploit
added 2021/04/16 9:30 p.m. | 88 views

IRTriage - Incident Response Triage - Windows Evidence Collection For Forensic Analysis

Scripted collection of system information valuable to a Forensic Analyst. IRTriage will automatically "Run As ADMINISTRATOR" in all Windows versions except WinXP. The original source was Triage-ir v0.851 an Autoit script written by Michael Ahrendt. Unfortunately Michael's last changes were posted...

7.1 AI score
Exploits: 0 | References: 2
Kitploit
added 2020/05/07 12:30 p.m. | 64 views

HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace. Often, this i...

7.2 AI score
Exploits: 0 | References: 3
Trellix
added 2019/01/08 12:0 a.m. | 9 views

Digging Up the Past: Windows Registry Forensics Revisited

ARCHIVED STORY Digging Up the Past: Windows Registry Forensics Revisited By David Via · Jan 08, 2019 Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. Th...

6.9 AI score
Exploits: 0
0day.today
added 2018/03/20 12:0 a.m. | 87 views

Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation E

Exploit for windows platform in category local exploits Windows: Windows: Desktop Bridge Virtual Registry Arbitrary File Read/Write EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual registry for desktop bridge applications can...

0.1 AI score | 0.03181 EPSS
Exploits: 5
Microsoft KB
added 2017/01/07 12:0 a.m. | 19 views

MS15-003: Vulnerability in Windows User Profile service could allow elevation of privilege: January 13, 2015

MS15-003: Vulnerability in Windows User Profile service could allow elevation of privilege: January 13, 2015 Summary This security update resolves a privately reported vulnerability in Windows. This vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a...

6.4 AI score
Exploits: 0
0day.today
added 2016/09/27 12:0 a.m. | 76 views

Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privile

Exploit for windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=865 Windows: NtLoadKeyEx User Hive Attachment Point EoP Platform: Windows 10 10586 32/64 and 8.1 Update 2, not tested Windows 7 Class: Elevation of Privilege Summary: The...

4.3 CVSS | 6.1 AI score | 0.4007 EPSS
Exploits: 2
exploitpack
added 2016/09/26 12:0 a.m. | 31 views

Microsoft Windows 8.1 Update 2 10 10586 (x86x64) - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)

Microsoft Windows 8.1 Update 2 10 10586 x86x64 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation MS16-111 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=865 Windows: NtLoadKeyEx User Hive Attachment Point EoP Platform: Windows 10 10586 32/64 and 8.1 Update 2, not...

0.2 AI score
Exploits: 0
Exploit DB
added 2016/09/26 12:0 a.m. | 88 views

Microsoft Windows 8.1 Update 2 / 10 10586 (x86/x64) - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=865 Windows: NtLoadKeyEx User Hive Attachment Point EoP Platform: Windows 10 10586 32/64 and 8.1 Update 2, not tested Windows 7 Class: Elevation of Privilege Summary: The NtLoadKeyEx system call allows an unprivileged user to loa...

7.4 AI score
Exploits: 0
Exploit DB
added 2016/09/26 12:0 a.m. | 37 views

Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=870 Windows: RegLoadAppKey Hive Enumeration EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: RegLoadAppKey is documented to load keys in a location which can’t be enumerat...

7 AI score
Exploits: 0
CNVD
added 2015/02/03 12:0 a.m. | 1 views

Microsoft Windows User Profile Service Elevation of Privilege Vulnerability

Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in the Microsoft Windows User Profile Service service when verifying user privileges, which could be exploited by an attacker to cause the User...

7.1 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2015/01/13 12:0 a.m. | 67 views

MS15-003: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)

The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user privilege in the Windows User Profile Service ProfSvc. A local attacker, with a specially crafted application, can load registry hives associated with other user accounts to execute...

7.2 CVSS | 6 AI score | 0.03545 EPSS
Exploits: 2 | References: 3
Packet Storm
added 2014/05/20 12:0 a.m. | 89 views

SafeNet Sentinel Directory Traversal

!/usr/bin/python Exploit Title: SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 Directory Traversal Date: 04/28/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: http://www.safenet-inc.com/ Software Link:...

5 CVSS | 6.5 AI score | 0.10361 EPSS
Exploits: 6