Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Escalating Privileges with CylancePROTECT

Ryan Hanson
  • Why did the researcher suspect a privilege escalation was possible? In his words:
    1. As a user, I could communicate with the CylanceSvc service and influence its behavior.
    2. As a user, I could trigger the CyUpdate process to spawn with SYSTEM privileges.
    3. As a user, I could cause the CylanceUI process to write to the same file/folder as the SYSTEM process.
  • By using some symbolic link black magic, pioneered by James Forshaw, the file name written by the SYSTEM process could be easily controlled.
  • With the ability to write any file content to any file location as SYSTEM, a DLL injection was used to compromise the system.
  • I really enjoyed the threat model that Ryan laid out in this research; it gives me insight into doing priv esc research! :)