{"id":20417095,"url":"https://github.com/cybermonitor/somethingweneed","last_synced_at":"2026-02-26T21:46:07.025Z","repository":{"id":109742143,"uuid":"338442711","full_name":"CyberMonitor/somethingweneed","owner":"CyberMonitor","description":null,"archived":false,"fork":false,"pushed_at":"2022-08-15T09:34:47.000Z","size":4222,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-21T03:42:36.983Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberMonitor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-12T21:58:36.000Z","updated_at":"2023-08-21T19:52:01.000Z","dependencies_parsed_at":"2023-06-11T08:00:16.672Z","dependency_job_id":null,"html_url":"https://github.com/CyberMonitor/somethingweneed","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberMonitor/somethingweneed","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fsomethingweneed","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fsomethingweneed/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fsomethingweneed/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fsomethingweneed/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberMonitor","download_url":"https://codeload.github.com/CyberMonitor/somethingweneed/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fsomethingweneed/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29873636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T21:05:00.265Z","status":"ssl_error","status_checked_at":"2026-02-26T20:57:13.669Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T06:24:29.790Z","updated_at":"2026-02-26T21:46:07.002Z","avatar_url":"https://github.com/CyberMonitor.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# do\n\n* IPC   inter-process communication \n* LPE\t\tlocal Privilege escalation\n\n\n# IPC\n* 2021 Feb 21 - [Offensive Windows IPC Internals 2: RPC](https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html) | [:closed_book:](../../blob/master/paper/csandker.io-Offensive_Windows_IPC_Internals_2_RPC.pdf)\n* 2021 Jan 10 - [Offensive Windows IPC Internals 1: Named Pipes](https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html) | [:closed_book:](../../blob/master/paper/csandker.io-Offensive_Windows_IPC_Internals_1_Named_Pipes.pdf)\n\n\n\n# Article\n* [1] https://medium.com/tenable-techblog/psexec-local-privilege-escalation-2e8069adc9c8\n* [2] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/named-pipe-client-impersonation\n* [3] https://halove23.blogspot.com/2021/01/another-privilege-escalation-in-windows.html\n* [4] PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019  https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/\n* [5] https://versprite.com/blog/security-research/vulnerable-named-pipe-application/\n* [6] 2021 Feb 10 CVE-2021-1732 https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/\n* [7] 2019 https://versprite.com/blog/security-research/vulnerable-named-pipe-application/\n* [8] 2021 Feb 10.CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender  https://labs.sentinelone.com/cve-2021-24092-12-years-in-hiding-a-privilege-escalation-vulnerability-in-windows-defender/\n* [9] 2020 Nov https://itm4n.github.io/windows-registry-rpceptmapper-eop/\n* [10] 2020 Feb 19 https://blog.vonahi.io/srclient-dll-hijacking/  | [:closed_book:](../../blob/master/paper/blog.vonahi.io-SrClient-DLL-Hijacking-a-Windows-Server-2012-0-day-that-wont-be-patched.pdf)\n* [11] 2021 May  https://www.blackhat.com/asia-21/briefings/schedule/index.html#the-rise-of-potatoes-privilege-escalations-in-windows-services-22373\n* [12] 2019 Aug 01 https://blog.xpnsec.com/analysing-rpc-with-ghidra-neo4j/\n* [13] 2021 Feb 28 https://www.hackingarticles.in/window-privilege-escalation-automated-script/  | [:closed_book:](../../blob/master/paper/hackingarticles.in-Window_Privilege_Escalation_Automated_Script.pdf)\n* [14]  leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a specific trigger subject line https://github.com/S4R1N/BadOutlook\n* [15] Windows \u0026 Active Directory Exploitation Cheat Sheet and Command Reference https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ | [:closed_book:](../../blob/master/paper/Windows_Active_Directory_Exploitation_Cheat_Sheet.pdf)\n* [16] Windows File Confusion: Masquerading Unsigned Binaries as Signed Ones http://www.exploit-monday.com/2013/02/WindowsFileConfusion.html?m=1  | [:closed_book:](../../blob/master/paper/Windows_File_Confusion.pdf)\n\n\n# Twitter tips\n* [1] EOP in Foxit PDF Reader - yeah, their updater runs as SYSTEM   https://twitter.com/LloydLabs/status/1355701446117912576\n\n\n\n# POC/Tools\n* [1] https://github.com/tenable/poc/tree/master/Microsoft/Sysinternals/PsExecEscalate.cpp\n* [2] https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite\n* [3] https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md\n* [4] UAC_bypass_windows_store https://github.com/sailay1996/UAC_bypass_windows_store\n* [5] Windows 10 Privilege Escalation (magnify.exe) via Dll Search Order Hijacking https://github.com/sailay1996/magnifier0day\n* [6] leverage the Windows Performance Counters https://github.com/itm4n/Perfusion\n* [7] https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/\n* [8] https://github.com/quentinhardy/pytmipe\n* [9] https://github.com/ZecOps/CVE-2020-0796-LPE-POC \n* [10] https://github.com/BeichenDream/BadPotato\n* [11] https://github.com/antonioCoco/RogueWinRM\n* [12] Windows IPC open source code https://github.com/microsoft/IPC\n\n# Story\n* [1] https://www.zdnet.com/article/privilege-escalation-vulnerability-patched-in-docker-desktop-for-windows/\n\n# Webcasts\n* [1] Pen Testing with PowerShell: Local Privilege Escalation Technique https://www.sans.org/webcasts/pen-testing-powershell-local-privilege-escalation-technique-108745\n\n# Reference\n* [1] https://github.com/sailay1996/awesome_windows_logical_bugs\n\n# Old info\n* [1] 2019 Another Local Privilege Escalation (LPE) Vulnerability Using Process Creation Impersonation https://www.fortinet.com/blog/threat-research/another-local-privilege-escalation-lpe-vulnerability\n* [2] 2019 More Than a Penetration Test (Microsoft Windows CVE-2019–1082) https://medium.com/@bazyli.michal/more-than-a-penetration-test-cve-2019-1082-647ba2e59034\n* [3] https://awesomeopensource.com/project/m0nad/awesome-privilege-escalation\n* [4] https://awesomeopensource.com/project/marcosValle/awesome-windows-red-team#privilege-escalation\n* [5] Microsoft https://docs.microsoft.com/en-us/windows/win32/ipc/interprocess-communications\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybermonitor%2Fsomethingweneed","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybermonitor%2Fsomethingweneed","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybermonitor%2Fsomethingweneed/lists"}