Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sailay1996/awesome_windows_logical_bugs
collect for learning cases
https://github.com/sailay1996/awesome_windows_logical_bugs
List: awesome_windows_logical_bugs
windows-exploitation windows-privilege-escalation
Last synced: 22 days ago
JSON representation
collect for learning cases
- Host: GitHub
- URL: https://github.com/sailay1996/awesome_windows_logical_bugs
- Owner: sailay1996
- Created: 2020-01-27T04:34:58.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-09-27T10:16:07.000Z (about 1 year ago)
- Last Synced: 2024-05-21T20:09:12.188Z (7 months ago)
- Topics: windows-exploitation, windows-privilege-escalation
- Language: VBScript
- Size: 1.74 MB
- Stars: 551
- Watchers: 26
- Forks: 74
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - sailay1996/awesome_windows_logical_bugs - collect for learning cases (VBScript)
README
# awesome_windows_logical_bugs
Created this repo for the people who want to learn about windows logical privilege escalation bugs.
And also I added some of my findings. You can contact me via [@404death](https://twitter.com/404death) to add good article which I missed.
`work in progress (WIP) , I'm always update this repo when the new bugs release.`#### Escalation of Privileges (Vulnerabilities and Other Research):
* [Windows logical EoP Bugs](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/learning_note_bookmarks.txt)#### Privileged File Operations Bugs To SYSTEM shell (Techniques):
* [Arbitrary Directory Deletion to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_delete2system.txt)
* [Arbitrary File create/write to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/FileWrite2system.txt)
* [Arbitrary Directory creation to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_create2system.txt)#### Service account to SYSTEM privilege (Token Impersonation) :
* [service2system Privileged access](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/service2system.txt)#### Tools:
* James Forshaw’s purpose-built tools & libraries
* https://github.com/googleprojectzero/symboliclink-testing-tools
* https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools
* Windows built-in tools (powershell, cmd, filesystem utilities)
* SysInternals#### Research by James Forshaw / Google Project Zero
* https://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html
* https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html
* https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html
* https://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-arbitrary.html
* https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html
* https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20James%20Forshaw%20-%20A%20Link%20to%20the%20Past.pdf
* https://vimeo.com/133002251#### Thank to:
[@tiraniddo](https://twitter.com/tiraniddo)
[@SandboxBear](https://twitter.com/SandboxBear)
[@jonasLyk](https://twitter.com/jonasLyk)
[@itm4n](https://twitter.com/itm4n)
[@decoder_it](https://twitter.com/decoder_it)
[@enigma0x3](https://twitter.com/enigma0x3)
[@padovah4ck](https://twitter.com/padovah4ck)
[@clavoillotte](https://twitter.com/clavoillotte)
[@PsiDragon](https://twitter.com/PsiDragon)
[@edwardzpeng](https://twitter.com/edwardzpeng)#### suggestion : If you want to deep dive about windows, go first to `Windows Internal` [ebook](https://www.microsoftpressstore.com/store/windows-internals-part-1-system-architecture-processes-9780735684188)