YoVDO

The Rise of Potatoes - Privilege Escalation in Windows Services

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Privilege Escalation Courses Vulnerability Research Courses

Course Description

Overview

Explore advanced privilege escalation techniques in Windows services in this comprehensive conference talk from Hack In The Box Security Conference. Delve into recent methods used to escalate privileges from service accounts, including a new 0day NTLM relay attack. Learn about common scenarios involving compromised web applications and MSSQL servers on Windows systems. Examine Windows Service Hardening (WSH) and its potential vulnerabilities, such as the Rotten/JuicyPotato exploit. Understand the implications of SeImpersonatePrivilege and its classification as a "God privilege" by Microsoft. Discover multiple ways to escalate from SERVICE to SYSTEM privileges, despite Microsoft's stance on this security boundary. Gain insights into the newly discovered RemotePotato0 attack vector, combining privilege escalation with NTLM relaying techniques.

Syllabus

#HITB2021AMS D2T1 - The Rise Of Potatoes: Priv. Esc. In Windows Services - A. Pierini & A. Cocomazzi


Taught by

Hack In The Box Security Conference

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Enterprise Security Fundamentals
Microsoft via edX
Penetration Testing - Post Exploitation
New York University (NYU) via edX
Ultimate Ethical Hacking and Penetration Testing (UEH)
Udemy
Hands-on Penetration Testing Labs 4.0
Udemy