李宜瑾

Highlighted by 李宜瑾

From UAC Bypass by Mocking Trusted Directories by David Wells

… execution request) are done with the original executable path name (with the trailing space). This allows all other checks to pass and results in appinfo.dll spawning my winSAT.exe copy as auto elevated (since it is both properly signed and whitelisted for auto elevation).

From UAC Bypass by Mocking Trusted Directories by David Wells

path name (with… directory checks are performed against (using RtlPrefixUnicodeString) for the rest of the routine. The beauty is that after the trusted directory check is done with this converted path string, it is then freed, and rest of checks (and final elevated execution request) are done with the original executable path name (with the trailing space). This allows all other checks to pass and results in appinfo.dll spawning my winSAT.exe copy as aut…

Claps from 李宜瑾

This best practice that you called bullshit is still the best practice we have for this.

Aleš Kounovský

Heap Exploit Study Notes

berming

Buffer Overflow Attacks, Part 2 (Buffer Overflow)

berming