Forwarded from APT
🥔 Coerced Potato
New tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent versions of Windows.
⚙️ Tool:
https://github.com/hackvens/CoercedPotato
📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
#windows #lpe #seimpersonateprivilege #potato
New tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent versions of Windows.
⚙️ Tool:
https://github.com/hackvens/CoercedPotato
📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
#windows #lpe #seimpersonateprivilege #potato
🔥34👍9
Forwarded from APT
298559809-27f286d7-e0e3-47ab-864a-e040f8749708.webm
6.5 MB
This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.
📊 Affects version:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research:
🔗 https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit:
🔗 https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
#windows #privesc #clfs #driver
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥19👍5🙏1
CVE-2024-21338: Windows Admin-to-Kernel LPE
Уязвимы Windows 10 & 11
PoC: https://github.com/hakaioffsec/CVE-2024-21338
Blog: https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
#lpe #windows #exploit #redteam
Уязвимы Windows 10 & 11
PoC: https://github.com/hakaioffsec/CVE-2024-21338
Blog: https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
#lpe #windows #exploit #redteam
🔥26👍8😁5
Forwarded from APT
🖼 AnyDesk — Local Privilege Escalation (CVE-2024-12754)
A vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.
🔗 Source:
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
#windows #anydesk #lpe #cve
A vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.
🔗 Source:
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
#windows #anydesk #lpe #cve
🔥28👍13🎉2🥰1
Forwarded from APT
🔍 Exploring NTDS.dit
This blog post examines the structure of the NTDS.dit file, which stores data for Active Directory. It also introduces DIT Explorer, a new open-source tool designed for analyzing NTDS.dit, demonstrating how it interprets the database to provide a structured view of the directory.
🔗 Research:
https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer
🔗 Source:
https://github.com/trustedsec/DitExplorer
#ad #windows #ntds #dnt
This blog post examines the structure of the NTDS.dit file, which stores data for Active Directory. It also introduces DIT Explorer, a new open-source tool designed for analyzing NTDS.dit, demonstrating how it interprets the database to provide a structured view of the directory.
🔗 Research:
https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer
🔗 Source:
https://github.com/trustedsec/DitExplorer
#ad #windows #ntds #dnt
🔥18👍9
CVE-2025-48799: Windows Update Service LPE
PoC: https://github.com/Wh04m1001/CVE-2025-48799
Patched: July 8, 2025
#lpe #windows #pentest #redteam
PoC: https://github.com/Wh04m1001/CVE-2025-48799
Patched: July 8, 2025
This vulnability affects windows clients (win11/win10) with at least 2 hard drives.
#lpe #windows #pentest #redteam
GitHub
GitHub - Wh04m1001/CVE-2025-48799
Contribute to Wh04m1001/CVE-2025-48799 development by creating an account on GitHub.
🔥20👍8😁3
Forwarded from APT
🔑 Golden DMSA
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
🔗 Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
🔗 Source:
https://github.com/Semperis/GoldenDMSA
#ad #windows #dmsa #kerberos #persistence
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
🔗 Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
🔗 Source:
https://github.com/Semperis/GoldenDMSA
#ad #windows #dmsa #kerberos #persistence
👍17🔥10😁3🤔3