Exploit 28

The PrintNightmare is not Over Yet Oct 5, 2024
Ghost in the PPL Part 3: LSASS Memory Dump Sep 2, 2024
Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS Aug 16, 2024
Ghost in the PPL Part 1: BYOVDLL Aug 9, 2024
A Practical Guide to PrintNightmare in 2024 Jan 28, 2024
Insomni'hack 2024 CTF Teaser - Cache Cache Jan 21, 2024
Bypassing PPL in Userland (again) Mar 17, 2023
Insomni'hack 2023 CTF Teaser - InsoBug Jan 26, 2023
From RpcView to PetitPotam Sep 2, 2021
Bypassing LSA Protection in Userland Apr 22, 2021
Do You Really Know About LSA Protection (RunAsPPL)? Apr 7, 2021
An Unconventional Exploit for the RpcEptMapper Registry Key Vulnerability Feb 21, 2021
Windows .Net Core SDK Elevation of Privilege Aug 19, 2020
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability Jun 21, 2020
Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability Jun 1, 2020
PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 May 2, 2020
Windows DLL Hijacking (Hopefully) Clarified Apr 24, 2020
Windows Server 2008R2-2019 NetMan DLL Hijacking Apr 10, 2020
CVE-2020-0863 - An Arbitrary File Read Vulnerability in Windows Diagnostic Tracking Service Mar 18, 2020
CVE-2020-0787 - Windows BITS - An EoP Bug Hidden in an Undocumented RPC Function Mar 11, 2020
CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing Feb 14, 2020
CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM Dec 11, 2019
Give Me Back My Privileges! Please? Dec 5, 2019
Weaponizing Privileged File Writes with the USO Service - Part 2/2 Aug 19, 2019
Weaponizing Privileged File Writes with the USO Service - Part 1/2 Aug 17, 2019
Windows Privilege Escalation - DLL Proxying Apr 18, 2019
CVE-2019-19544 - CA Dollar Universe 5.3.3 'uxdqmsrv' - Privilege Escalation via a Vulnerable SUID Binary Sep 3, 2018
CVE-2017-13130 - BMC Patrol 'mcmnm' - Privilege Escalation via a Vulnerable SUID Binary Jun 6, 2018