Windows 27

• Bypassing PPL in Userland (again) Mar 17, 2023
• Insomni'hack 2023 CTF Teaser - InsoBug Jan 26, 2023
• Debugging Protected Processes Dec 4, 2022
• The End of PPLdump Jul 24, 2022
• Revisiting a Credential Guard Bypass May 23, 2022
• From RpcView to PetitPotam Sep 2, 2021
• Fuzzing Windows RPC with RpcView Aug 1, 2021
• Bypassing LSA Protection in Userland Apr 22, 2021
• Do You Really Know About LSA Protection (RunAsPPL)? Apr 7, 2021
• An Unconventional Exploit for the RpcEptMapper Registry Key Vulnerability Feb 21, 2021
• Windows RpcEptMapper Service Insecure Registry Permissions EoP Nov 12, 2020
• Windows .Net Core SDK Elevation of Privilege Aug 19, 2020
• CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability Jun 21, 2020
• Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability Jun 1, 2020
• PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 May 2, 2020
• Windows DLL Hijacking (Hopefully) Clarified Apr 24, 2020
• Windows Server 2008R2-2019 NetMan DLL Hijacking Apr 10, 2020
• CVE-2020-0863 - An Arbitrary File Read Vulnerability in Windows Diagnostic Tracking Service Mar 18, 2020
• CVE-2020-0787 - Windows BITS - An EoP Bug Hidden in an Undocumented RPC Function Mar 11, 2020
• CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing Feb 14, 2020
• CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM Dec 11, 2019
• Give Me Back My Privileges! Please? Dec 5, 2019
• Weaponizing Privileged File Writes with the USO Service - Part 2/2 Aug 19, 2019
• Weaponizing Privileged File Writes with the USO Service - Part 1/2 Aug 17, 2019
• Windows Privilege Escalation - DLL Proxying Apr 18, 2019
• VBA RunPE - Breaking Out of Highly Constrained Desktop Environments - Part 2/2 Dec 29, 2018
• VBA RunPE - Breaking Out of Highly Constrained Desktop Environments - Part 1/2 Dec 12, 2018