Welcome to my blog!


$finger decoder
Login: decoder Name: IT Security enthusiast
Directory: /italy Shell: /sbin/shell2heaven
Always logged in.
decoder[dot]ap[at]gmail[dot]com No spam.  
Twitter: @decoder_it
Enjoy and leave comments!


My posts:

Elevation of privilege in Group Policy Client  CVE-2022-37955

When Swapping  the Context leads you to SYSTEM

Giving JuicyPotato a second chance: JuicyPotatoNG

Group Policy Folder Redirection CVE-2021-26887

A not-so-common and stupid privilege escalation

Relaying Potatoes

Hands off my (MS) cloud services!

Hands off my IIS accounts!

Hands off my service account!

When a stupid oplock leads you to SYSTEM

When ntuser.pol leads you to SYSTEM

Abusing Group Policy Caching

The impersonation game

No more JuicyPotato? Old story, welcome RoguePotato!


Exploiting Feedback Hub in Windows 10

The strange case of “open-ssh” in Windows Server 2019

The strange RPC interface (MS, are you trolling me?)

From Hyper-V Admin to SYSTEM

From dropbox(updater) to NT AUTHORITY\SYSTEM


We thought they were potatoes but they were beans (from Service Account to SYSTEM again)

From arbitrary file overwrite to SYSTEM

Creating Windows Access Tokens

Combinig LUAFV PostLuafvPostReadWrite Race Condition PE with DiagHub collector exploit -> from standard user to SYSTEM

Donkey’s guide to Resource Based Constrained Delegation Exploitation – from simple user to (almost) DA –

Windows Named Pipes & Impersonation

Demystifying Windows Service “permissions” configuration

Creating Symbolic Links in Windows 10

No more rotten/juicy potato?

Fear the Rotten/Juicy potato attack?

Slides from my talk “whoami /priv” at Romhack 2018

Juicy Potato (abusing the golden privileges)

Windows e le privilege escalations che non ti aspetti (italian)

The power of backup operators

Getting SYSTEM

Potatoes and tokens

The lonely potato – part 2 –

The lonely potato  (here) you can download the entire c# project

We don’t need powershell.exe – 4 –

“Poor man’s process migration”

We don’t need powershell.exe -part 3-

We don’t need powershell.exe – part 2 –

We don’t need powershell.exe

From Pass-the-Hash to Pass-the-Ticket with no pain

Simple ASLR/NX bypass on a Linux 32 bit binary

From APK to Golden ticket

The road to “silver”

The “SYSTEM” challenge

The “Golden Ticket” solution

Grab the Windows secrets!

Bypassing UAC from a remote powershell and escalting to “SYSTEM”

Dirty tricks with Powershell

Idiot’s quick & dirty guide to buffer overflow on GNU/Linux X64 architecture

“Speedy” HTTP2 challenge on game.rop.sh


Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount


Or enter a custom amount


Your contribution is appreciated.

Your contribution is appreciated.

Your contribution is appreciated.

DonateDonate monthlyDonate yearly

Any  actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The author of decoder.cloud will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

6 thoughts on “Decoder’s Blog

  1. Hey just to say i’ve really enjoyed all your blogs, i’ve been going through them one by one and they’ve been incredibly helpful.


  2. Good time
    I want to use a Juicy potato for a penetration testing project But the antivirus on the server removes the Juicy potato.
    Is there a way to bypass this?

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s