HIP19: whoami priv - show me your privileges and I will lead you to SYSTEM - A. Pierini
whoami priv - show me your privileges and I will lead you to SYSTEM by Andrea Pierini
https://hackinparis.com/talks/#talk-2019-whoami-priv-show-me-your-privileges-and-i-will-lead-you-to-system
On Windows systems, users can be given special privileges. Some of these, if appropriately abused can lead to elevation of privileges to become SYSTEM.
In this talk, I will explain what the privileges and tokens are, how to get them, and based on their characteristics, identify some possible paths for Privilege Escalation via "Windows Privilege abusing" & "Token manipulation" .
Particular attention will be devoted to the privileges “SeImpersonate” and “SeAssignPrimary” which, combined with the “Rotten Potato” exploit and our subsequent research, the “Juicy Potato”, have proved to be “Golden Privilege”
Видео HIP19: whoami priv - show me your privileges and I will lead you to SYSTEM - A. Pierini канала Hack in Paris
https://hackinparis.com/talks/#talk-2019-whoami-priv-show-me-your-privileges-and-i-will-lead-you-to-system
On Windows systems, users can be given special privileges. Some of these, if appropriately abused can lead to elevation of privileges to become SYSTEM.
In this talk, I will explain what the privileges and tokens are, how to get them, and based on their characteristics, identify some possible paths for Privilege Escalation via "Windows Privilege abusing" & "Token manipulation" .
Particular attention will be devoted to the privileges “SeImpersonate” and “SeAssignPrimary” which, combined with the “Rotten Potato” exploit and our subsequent research, the “Juicy Potato”, have proved to be “Golden Privilege”
Видео HIP19: whoami priv - show me your privileges and I will lead you to SYSTEM - A. Pierini канала Hack in Paris
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
RomHack 2018 - show me your Windows privileges and I will lead you to SYSTEM - PieriniThe surprising secret to speaking with confidence | Caroline Goyder | TEDxBrixtonSANS Webcast: Pen Testing with PowerShell - Local Privilege Escalation TechniquesHIP19: DPAPI and DPAPI-NG Decrypting All Users’ Secrets and PFX Passwords - P. JanuskiewiczElevating your Windows Privileges Like a Boss! - Jake WilliamsThe Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal Privilege EscalationHIP19: Introduction to IoT Reverse Engineering - V. Di GiampietroHow to use the CAGED system to play a SOLODEF CON 25 - Gil Cohen - Call the plumber: You have a leak in your named pipe5 Lessons To Live By - Dr. Wayne Dyer (Truly Inspiring)Introduction to Website AdministrationHack In Paris 2019 videoPrivilege Escalation FTWHIP19: In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. CarrollVirtual Session: GDPR without the HypeHIP17 - Talk 04 - The forgotten interface: Windows named pipes by GIL COHENHIP19: You « try » to detect mimikatz - V. Le TouxTryHackMe GAMING SERVER - LXD Privilege EscalationLevel Up! Practical Windows Privilege Escalation - Andrew SmithThe story of 'Oumuamua, the first visitor from another star system | Karen J. Meech