Exploit 28

• The PrintNightmare is not Over Yet Oct 5, 2024
• Ghost in the PPL Part 3: LSASS Memory Dump Sep 2, 2024
• Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS Aug 16, 2024
• Ghost in the PPL Part 1: BYOVDLL Aug 9, 2024
• A Practical Guide to PrintNightmare in 2024 Jan 28, 2024
• Insomni'hack 2024 CTF Teaser - Cache Cache Jan 21, 2024
• Bypassing PPL in Userland (again) Mar 17, 2023
• Insomni'hack 2023 CTF Teaser - InsoBug Jan 26, 2023
• From RpcView to PetitPotam Sep 2, 2021
• Bypassing LSA Protection in Userland Apr 22, 2021
• Do You Really Know About LSA Protection (RunAsPPL)? Apr 7, 2021
• An Unconventional Exploit for the RpcEptMapper Registry Key Vulnerability Feb 21, 2021
• Windows .Net Core SDK Elevation of Privilege Aug 19, 2020
• CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability Jun 21, 2020
• Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability Jun 1, 2020
• PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 May 2, 2020
• Windows DLL Hijacking (Hopefully) Clarified Apr 24, 2020
• Windows Server 2008R2-2019 NetMan DLL Hijacking Apr 10, 2020
• CVE-2020-0863 - An Arbitrary File Read Vulnerability in Windows Diagnostic Tracking Service Mar 18, 2020
• CVE-2020-0787 - Windows BITS - An EoP Bug Hidden in an Undocumented RPC Function Mar 11, 2020
• CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing Feb 14, 2020
• CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM Dec 11, 2019
• Give Me Back My Privileges! Please? Dec 5, 2019
• Weaponizing Privileged File Writes with the USO Service - Part 2/2 Aug 19, 2019
• Weaponizing Privileged File Writes with the USO Service - Part 1/2 Aug 17, 2019
• Windows Privilege Escalation - DLL Proxying Apr 18, 2019
• CVE-2019-19544 - CA Dollar Universe 5.3.3 'uxdqmsrv' - Privilege Escalation via a Vulnerable SUID Binary Sep 3, 2018
• CVE-2017-13130 - BMC Patrol 'mcmnm' - Privilege Escalation via a Vulnerable SUID Binary Jun 6, 2018