[FD] nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect
- From: Kyriakos Economou <arfproject@xxxxxxxxxxx>
- Date: Wed, 19 Apr 2017 11:04:03 +0000
TL;DR: Abusing enabled token privileges through a kernel exploit to gain EoP
won’t be enough anymore, as from NT kernel version 10.0.15063 they are ‘checked’
against the privileges present in the token of the calling process. So you will
need two writes.
URL:
http://www.anti-reversing.com/ntoskrnl-v10-0563_nt_sep_token_privileges-single-write-eop-protect/
kyREcon