Archives
- 15 Sep A Deep Dive into TPM-based BitLocker Drive Encryption
- 14 Aug CVE-2022-41099 - Analysis of a BitLocker Drive Encryption Bypass
- 17 Mar Bypassing PPL in Userland (again)
- 26 Jan Insomni'hack 2023 CTF Teaser - InsoBug
- 04 Dec Debugging Protected Processes
- 24 Jul The End of PPLdump
- 23 May Revisiting a Credential Guard Bypass
- 02 Sep From RpcView to PetitPotam
- 01 Aug Fuzzing Windows RPC with RpcView
- 22 Apr Bypassing LSA Protection in Userland
- 07 Apr Do You Really Know About LSA Protection (RunAsPPL)?
- 21 Feb An Unconventional Exploit for the RpcEptMapper Registry Key Vulnerability
- 12 Nov Windows RpcEptMapper Service Insecure Registry Permissions EoP
- 19 Aug Windows .Net Core SDK Elevation of Privilege
- 21 Jun CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
- 01 Jun Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability
- 02 May PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
- 24 Apr Windows DLL Hijacking (Hopefully) Clarified
- 10 Apr Windows Server 2008R2-2019 NetMan DLL Hijacking
- 18 Mar CVE-2020-0863 - An Arbitrary File Read Vulnerability in Windows Diagnostic Tracking Service
- 11 Mar CVE-2020-0787 - Windows BITS - An EoP Bug Hidden in an Undocumented RPC Function
- 14 Feb CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing
- 11 Dec CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM
- 05 Dec Give Me Back My Privileges! Please?
- 19 Aug Weaponizing Privileged File Writes with the USO Service - Part 2/2
- 17 Aug Weaponizing Privileged File Writes with the USO Service - Part 1/2
- 18 Apr Windows Privilege Escalation - DLL Proxying
- 29 Dec VBA RunPE - Breaking Out of Highly Constrained Desktop Environments - Part 2/2
- 12 Dec VBA RunPE - Breaking Out of Highly Constrained Desktop Environments - Part 1/2
- 03 Sep CVE-2019-19544 - CA Dollar Universe 5.3.3 'uxdqmsrv' - Privilege Escalation via a Vulnerable SUID Binary
- 06 Jun CVE-2017-13130 - BMC Patrol 'mcmnm' - Privilege Escalation via a Vulnerable SUID Binary