Privilege Escalation

Exploiting the AWS Client VPN on macOS for Local Privilege Escalation (CVE-2024-30165)

A local privilege escalation vulnerability was discovered in AWS Client VPN 3.9.0 for macOS. The flaw stemmed from an XPC service lacking proper client verification, allowing an attacker to uninstall the application and execute malicious scripts with root privileges. The vulnerability enabled unauthorized root-level actions through the XPC service's insufficient validation of message origins.

Binary Exploitation for SPECIAL Occasions: Privilege Escalation in z/OS

This article explores a privilege escalation technique in z/OS mainframe systems by manipulating the Accessor Environment Element (ACEE). The technique involves creating an APF-authorized assembly program that modifies user flags in memory to gain SPECIAL privileges. The exploit demonstrates how low-level memory structures and system internals can be leveraged to escalate system access.

  • 28 Apr 2021

Attack Detection Fundamentals 2021: Azure - Lab #2

An Azure security lab demonstrated privilege escalation by exploiting insecure Logic App workflow configurations. By leveraging a service principal with Reader permissions, sensitive credentials embedded in clear text were discovered. The attack allowed escalation from Reader to Contributor-level access in the Azure resource group.

  • 3 Jul 2020

Helping root out of the container

A container breakout technique exploits AF_LOCAL sockets to smuggle file descriptors into a container. By passing a file descriptor for the root directory, a root user within the container can modify files outside its mount namespace. This attack demonstrates how root access in a container can compromise intended security isolation boundaries.

  • 11 Jun 2020

Abusing access to mount namespaces through /proc/pid/root

Linux namespaces can be abused for privilege escalation in containerized environments. Two key attack vectors are demonstrated: creating block devices in Docker containers to bypass access controls and exploiting symlink vulnerabilities through mount and user namespaces. The research highlights potential security risks in container configurations and namespace implementations.

  • 17 Jan 2020

Misadventures in AWS

This article details manual techniques for AWS security assessment and privilege escalation during penetration testing. The approach involves generating temporary access keys for multiple AWS roles and systematically collecting data across different accounts using AWS CLI tools. The methodology demonstrates how an attacker with limited initial access can enumerate AWS resources, analyze IAM policies, and potentially escalate privileges within an AWS environment.

  • 10 Mar 2017

A Window into Ring0

Sam Brown's presentation explores Windows kernel mode attack surfaces and vulnerabilities in modern systems. The talk covers techniques for finding bugs in kernel mode code and common exploitation methods for gaining system-level access. Brown discusses the increasing trend of attackers targeting kernel mode to bypass user account restrictions and sandboxing.

How to own any Windows network with group policy hijacking attacks

Group policy hijacking attacks can compromise Windows networks by intercepting and manipulating group policy traffic. The attacks exploit vulnerabilities in SMB signing and Kerberos authentication to gain SYSTEM-level access on domain-joined systems. Multiple attack vectors allow attackers to modify group policy settings and execute arbitrary code on target networks.

Practically Exploiting MS15-014 and MS15-011

The article details two Microsoft vulnerabilities (MS15-011 and MS15-014) that enable remote code execution on domain-joined Windows systems. These vulnerabilities can be exploited through a two-stage attack method to gain SYSTEM-level access by manipulating group policy and SMB signing configurations. A video demonstration shows how these vulnerabilities can be chained together to compromise hardened domain environments.

Windows Services - All roads lead to SYSTEM

This whitepaper examines security vulnerabilities in Windows services, focusing on configuration-related flaws that can lead to privilege escalation. It explores six key service areas where misconfigurations can provide attackers opportunities to execute arbitrary code with elevated system privileges. The document provides insights into assessing and remediating potential security risks in Windows service configurations.