https://1dnu11.github.io/zet/Recent content in Zet on 🕵 1dnu11Hugo -- gohugo.ioen-USCopyright © 2024, 1dnu11.Sat, 23 Mar 2024 00:00:00 +0000https://1dnu11.github.io/zet/file-system-vulnerability-alternate-data-streams/Sat, 23 Mar 2024 00:00:00 +0000https://1dnu11.github.io/zet/file-system-vulnerability-alternate-data-streams/Alternate Data Streams (ADS) NTFS (New Technology File System) is the default file system for Windows. Alternate Data Streams (ADS) is an NTFS file attribute designed to provide compatibility with MacOS HFS (Hierarchical File System). Whenever we work with a file on an NTFS formatted drive, there will be two different forks/streams: Data stream: Default stream that contains the actual data of the file Resource stream: Contains the metadata of the file ADS can then be abused to hide malicious code or executables in legitimate files, thus avoiding detection.https://1dnu11.github.io/zet/privesc-bypassing-uac-with-uacme/Fri, 22 Mar 2024 00:00:00 +0000https://1dnu11.github.io/zet/privesc-bypassing-uac-with-uacme/UAC (User Account Control) UAC is a security feature introduced in Windows Vista. It is used to prevent changes to the operating system without the proper adminitrative approval. A non-privileged user attempting to execute a program with elevated privileges will be prompted with the UAC credential prompt, where a privileged user will just be prompted with a consent prompt. It’s possible to bypass UAC in order to execute malicious executables with elevated privileges.https://1dnu11.github.io/zet/privesc-access-token-impersonation/Fri, 22 Mar 2024 00:00:00 +0000https://1dnu11.github.io/zet/privesc-access-token-impersonation/Windows Access Tokens Created and managed by the *LSASS, access tokens are the core element of the authentication process on Windows. They are responsible for identifying and describing the security context of a process or thread. They can be seen as a temporary key that provides users with the required access to a system, without having to provide credentials each time a process is started or resources is used. They are generated by the winlogon.