Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege

Discussion in 'other security issues & news' started by Minimalist, Apr 18, 2018.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html
     
    Minimalist, Apr 18, 2018
    #1
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    By far the very best defense I ever seen on any Windows platform from A to wherever we are now, are the Permissions.

    Refuse any process to even just Read a file and it's task ends totally inert and useless. As though it was encrypted or something similar.

    Interesting article though and sort of intriguing Microsoft has been really (seemingly) trying to press the envelope to cover bases/poke points.

    It's understood they are fanatical over features but jiminy christmas, for every new feature they stuff it with, the dozens and dozens of more dlls and who knows how many other extension files they pour onto the mainframe just to make them work. Which in turn introduces more and more vulnerabilities IMO.
     
    EASTER, Apr 18, 2018
    #2
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Yes, that's true. They seem to keep improving their security but OTOH increase their "attack surface" with each new release.
     
    Minimalist, Apr 19, 2018
    #3
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...