Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Quote to sum up the reason for going down this attack vector: "When a privileged service writes to a user owned resource, it opens up the possibility of a symlink (vuln)...".
Used dnSpy to open up the C# binaries and recover the full source code. That's a really nice thing to have! Another useful tool was procmon, which shows the running processes in Windows.
With an arbitrary file write and some Windows file black magic, they were able to take over the computer.
Why did this happen? Impersonation features are really hard to get right! Either don't do them or really test that they are done correctly.