Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sailay1996/awesome_windows_logical_bugs

collect for learning cases
https://github.com/sailay1996/awesome_windows_logical_bugs

List: awesome_windows_logical_bugs

windows-exploitation windows-privilege-escalation

Last synced: 22 days ago
JSON representation

collect for learning cases

Awesome Lists containing this project

README

        

# awesome_windows_logical_bugs
Created this repo for the people who want to learn about windows logical privilege escalation bugs.
And also I added some of my findings. You can contact me via [@404death](https://twitter.com/404death) to add good article which I missed.

`work in progress (WIP) , I'm always update this repo when the new bugs release.`

#### Escalation of Privileges (Vulnerabilities and Other Research):
* [Windows logical EoP Bugs](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/learning_note_bookmarks.txt)

#### Privileged File Operations Bugs To SYSTEM shell (Techniques):
* [Arbitrary Directory Deletion to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_delete2system.txt)
* [Arbitrary File create/write to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/FileWrite2system.txt)
* [Arbitrary Directory creation to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_create2system.txt)

#### Service account to SYSTEM privilege (Token Impersonation) :
* [service2system Privileged access](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/service2system.txt)

#### Tools:
* James Forshaw’s purpose-built tools & libraries
* https://github.com/googleprojectzero/symboliclink-testing-tools
* https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools
* Windows built-in tools (powershell, cmd, filesystem utilities)
* SysInternals

#### Research by James Forshaw / Google Project Zero

* https://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html
* https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html
* https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html
* https://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-arbitrary.html
* https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html
* https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20James%20Forshaw%20-%20A%20Link%20to%20the%20Past.pdf
* https://vimeo.com/133002251

#### Thank to:
[@tiraniddo](https://twitter.com/tiraniddo)
[@SandboxBear](https://twitter.com/SandboxBear)
[@jonasLyk](https://twitter.com/jonasLyk)
[@itm4n](https://twitter.com/itm4n)
[@decoder_it](https://twitter.com/decoder_it)
[@enigma0x3](https://twitter.com/enigma0x3)
[@padovah4ck](https://twitter.com/padovah4ck)
[@clavoillotte](https://twitter.com/clavoillotte)
[@PsiDragon](https://twitter.com/PsiDragon)
[@edwardzpeng](https://twitter.com/edwardzpeng)

#### suggestion : If you want to deep dive about windows, go first to `Windows Internal` [ebook](https://www.microsoftpressstore.com/store/windows-internals-part-1-system-architecture-processes-9780735684188)