Collaborate Disseminate
UACme is a compiled, C-based tool which contains a number of methods to defeat Windows User Account Control commonly known as UAC. It abuses the built-in Windows AutoElevate backdoor and contains 41 methods. The tool requires an Admin account with the … Continue reading UACMe – Defeat Windows User Account Control (UAC)
I know what you’re thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, its vulnerable to attacks! Moses Hernandez is a Consulting Systems Engineer for Cisco Systems and an Instructor for pen testing courses at the SANS Institute. Continue reading Exploiting Client-Side Node.js with Moses Hernandez – Paul’s Security Weekly #516
Researcher Matt Nelson disclosed another Windows UAC bypass, this one abusing the sdclt.exe backup and restore utility to execute a payload without triggering an alert. Continue reading Fileless UAC Bypass Uses Windows Backup and Restore Utility
Researcher Matt Nelson disclosed another Windows UAC bypass that makes use of Event Viewer to hijack registry entries and run code. Continue reading Latest Windows UAC Bypass Permits Code Execution