# Windows-Privesc

Introduction to Windows privilege escalation.

Presented by me at Sectalks BNE0x19 (26th Session).
I created this presentation to force myself to learn a topic which I struggled with.

Unfortunately I did not get the time to incorporate all my ideas before the presentation. However, I will be looking at adding to this in the near future.

## Content

### Password mining

> Files

> SAM/Unattended/sysprep

> Registry

### AlwaysInstallElevated

### Services

> Weak File Permissions

> Weak Registry Permissions

> Unquoted Service Paths

> DLL Hijacking

### Kernel exploits

> Finding an exploit

> Compiling exploits

### Post Exploitation

> Mimikatz

### Automation

> Windows-privesc-check

### Other

> Powersploit

## Tools

creddump -> https://tools.kali.org/password-attacks/creddump

ICACLS -> Built into Windows

Accesschk -> https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Windows-exploit-suggester -> https://github.com/GDSSecurity/Windows-Exploit-Suggester

Mimikatz -> https://github.com/gentilkiwi/mimikatz/

Windows-privesc-check -> https://github.com/pentestmonkey/windows-privesc-check

Powersploit -> https://github.com/PowerShellMafia/PowerSploit

## Sources

http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-vulnerability

http://blog.opensecurityresearch.com/2014/01/unsafe-dll-loading-vulnerabilities.html

https://www.exploit-db.com/docs/31687.pdf

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/

http://www.primalsecurity.net/0x4-python-tutorial-exe/

https://pentestlab.blog/2017/03/27/dll-hijacking/

https://www.exploit-db.com/papers/14813/

https://msitpros.com/?p=2012

https://blog.rapid7.com/2015/12/21/scannow-dll-search-order-hijacking-vulnerability-and-deprecation/