Provadys Offensive Security Blog

All articles


SANS Christmas Challenge 2017

Published on Wed 10 January 2018 by Yannick Méheut

'Tis the season to be pwning, falalalala lalalala. Each year, the SANS team publishes a Christmas Challenge against which anyone can test their skills. This year was no exception, and here's our write-up for the 2017 SANS Christmas Challenge.

UAC bypass via elevated .NET applications

Published on Fri 15 September 2017 by @clavoillotte

.NET Framework can be made to load a profiling DLL or a COM component DLL via user-defined environment variables and CLSID registry entries, even when the process is elevated. This behavior can be exploited to bypass UAC in default settings on Windows 7 to 10 (including the latest RS3 builds) by making an auto-elevate .NET process (such as MMC snap-ins) load an arbitrary DLL.