Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
Briefly

from Zero Day Initiative6 months ago
...when the handle is opened with delete permissions, there is nothing done to prevent it from following any links a standard user could create...escalate our privileges to NT AUTHORITY\SYSTEM.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
By polling the file for attribute changes, we now have a good indicator of when the file will be deleted...create our link, as the file's about to be deleted.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Read at Zero Day Initiative
#privilege-escalation #file-deletion #symbolic-link #windows-security
[
|
]