Not a Security Boundary - Bypassing User Account Control
Offered By: YouTube
Course Description
Overview
Explore the intricacies of User Account Control (UAC) and its vulnerabilities in this 49-minute conference talk from DerbyCon 7. Delve into the concept of UAC as a non-security boundary, understanding integrity levels and the security reference monitor. Examine bypass research techniques, including registry manipulation and file operations. Learn about the AlwaysNotify bypass and its associated PowerShell script. Gain insights into potential mitigations and use this talk as a starting point for further exploration of UAC security implications.
Syllabus
Intro
Presentation Overview
What is UAC
Not a security boundary
Integrity level
Security reference monitor
AlwaysNotify
Default isNotify
Bypass Research
The Ideal Situation
Process Monitor
Registry Manipulation
Other Primitives
Old IFile Operation
Registry Verb Handling Modification
John Lambert
Event Viewer
AlwaysNotify Bypass
PowerShell Script
Original POC
Mitigation
Starting Point
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)