Matt NelsoninPosts By SpecterOps Team MembersCVE-2023–4632: Local Privilege Escalation in Lenovo System UpdaterVersion: Lenovo Updater Version <= 5.08.01.0009 Operating System Tested On: Windows 10 22H2 (x64) Vulnerability: Lenovo System Updater…Oct 26, 20231Oct 26, 20231
Matt NelsoninPosts By SpecterOps Team MembersCVE-2019–12757: Local Privilege Escalation in Symantec Endpoint ProtectionSymantec Endpoint Protection Version: 14.2 RU1 Build 3335 (14.2.3335.1000) and below Operating System Tested On: Windows 10 1803 x64Nov 15, 2019Nov 15, 2019
Matt NelsoninPosts By SpecterOps Team MembersAvira Optimizer Local Privilege EscalationVersion: Avira Optimizer < 1.2.0.367 Operating System tested on: Windows 10 1803 (x64) Vulnerability: Avira Optimizer Local Privilege…Aug 29, 2019Aug 29, 2019
Matt NelsoninPosts By SpecterOps Team MembersCVE-2019–13382: Local Privilege Escalation in SnagItVersion: Snagit 2019.1.2 Build 3596 Operating System tested on: Windows 10 1803 (x64) Vulnerability: SnagIt Relay Classic Recorder Local…Jul 24, 20192Jul 24, 20192
Matt NelsoninPosts By SpecterOps Team MembersCVE-2019–13142: Razer Surround 1.1.63.0 EoPVersion: Razer Surround 1.1.63.0 Operating System tested on: Windows 10 1803 (x64) Vulnerability: Razer Surround Elevation of Privilege…Jul 5, 2019Jul 5, 2019
Matt NelsoninPosts By SpecterOps Team MembersRazer Synapse 3 Elevation of PrivilegeProduct Version: Razer Synapse 3 (3.3.1128.112711) Windows Client Downloaded from: https://www.razer.com/downloads Operating System…Jan 21, 2019Jan 21, 2019
Matt NelsoninPosts By SpecterOps Team MembersCVE-2018–8414: A Case Study in Responsible DisclosureThe process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had…Oct 23, 20181Oct 23, 20181
Matt NelsoninPosts By SpecterOps Team MembersCVE-2018–8212: Device Guard/CLM bypass using MSFT_ScriptResourceDevice Guard and the enlightened scripting environments that come with it are a lethal combination for disrupting attacker activity…Oct 10, 2018Oct 10, 2018
Matt NelsoninPosts By SpecterOps Team MembersThe Tale of SettingContent-ms FilesAs an attacker, initial access can prove to be quite the challenge against a hardened target. When selecting a payload for initial access…Jun 11, 20186Jun 11, 20186
Matt NelsoninPosts By SpecterOps Team MembersReviving DDE: Using OneNote and Excel for Code ExecutionTL;DR: You can achieve DDE execution with Excel SpreadSheets embedded within OneNote. This bypasses the original Excel mitigation ruleset…Jan 29, 2018Jan 29, 2018