Hardlinks again! Yes, there are plenty of opportunities to raise your privileges due to incorrect permissions settings when combined with  hardlinks in many softwares (MS included) 😉 In this post I'm going to show how to use the DropBoxUpdater  service in order to get SYSTEM privileges starting from a simple Windows user. Please note:  I'm…

As promised in my previous post , I will show you how to exploit the "Printconfig" dll with a real world example. But what does Apple's iPhone have to do with it?? Well, keep on reading... (sorry  no TL;DR) Some time ago, I was looking for possible privileged file operations exploitable via hardlinks. At some…

 This post has been written by me and two friends: @splinter_code and 0xea31This is the "unintended" result of a research we did on Juicypotato exploit in order to find a possible bypass on restrictions MS applied in latest Windows versions.We all know that, up to Windows 2016 and Windows 10 1803, it's possible for a…