A long time ago, I started writing a tool to look for local privilege escalation vectors on Windows systems – e.g. weak permissions on files, directories, service registry keys. I never quite got round to finishing it, but the project could still be useful to pentesters and auditors in its current part-finished state. I’d suggest giving it a […]

Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently)

There are some excellent tools and techniques available to pentesters trying to convert their local admin rights into domain admin rights.  This page seeks to provide a reminder of some of the most common and useful techniques as well as rating their effectiveness to suggest which ones to try first. The premise of all the […]

Owning Firefox on Windows

I just read Thor’s great write-up of the recent Firefox vulnerability.  Well worth a read.

Windows User Enumeration for Time Restricted Accounts

Sid released an advisory about an interesting username enumeration vulnerability over the weekend: Username enumeration vulnerabilities are a classic mistake that vendors seem fated to repeat.  It’s surprising to see one in such a mature product, though.  Well spotted, Sid.