Privilege Escalation 22

• Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation May 20, 2025
• The PrintNightmare is not Over Yet Oct 5, 2024
• A Practical Guide to PrintNightmare in 2024 Jan 28, 2024
• Fuzzing Windows RPC with RpcView Aug 1, 2021
• An Unconventional Exploit for the RpcEptMapper Registry Key Vulnerability Feb 21, 2021
• Windows RpcEptMapper Service Insecure Registry Permissions EoP Nov 12, 2020
• Windows .Net Core SDK Elevation of Privilege Aug 19, 2020
• CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability Jun 21, 2020
• Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability Jun 1, 2020
• PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 May 2, 2020
• Windows DLL Hijacking (Hopefully) Clarified Apr 24, 2020
• Windows Server 2008R2-2019 NetMan DLL Hijacking Apr 10, 2020
• CVE-2020-0863 - An Arbitrary File Read Vulnerability in Windows Diagnostic Tracking Service Mar 18, 2020
• CVE-2020-0787 - Windows BITS - An EoP Bug Hidden in an Undocumented RPC Function Mar 11, 2020
• CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing Feb 14, 2020
• CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM Dec 11, 2019
• Give Me Back My Privileges! Please? Dec 5, 2019
• Weaponizing Privileged File Writes with the USO Service - Part 2/2 Aug 19, 2019
• Weaponizing Privileged File Writes with the USO Service - Part 1/2 Aug 17, 2019
• Windows Privilege Escalation - DLL Proxying Apr 18, 2019
• CVE-2019-19544 - CA Dollar Universe 5.3.3 'uxdqmsrv' - Privilege Escalation via a Vulnerable SUID Binary Sep 3, 2018
• CVE-2017-13130 - BMC Patrol 'mcmnm' - Privilege Escalation via a Vulnerable SUID Binary Jun 6, 2018