Active Cyber
  • Home
  • About
  • Team
  • Services
  • Careers
  • News
  • Contact
  • ActiveLabs
ACTIVELabs
Powered by ACTIVECYBER, LLC

Fileless UAC Bypass in Windows Store Binary

3/14/2019

5 Comments

 
**Update** - 9/13/2019
Metasploit has added a module for the UAC Bypass in Windows! Most of Metasploit modules are built by community contributors for free (i. e. modules that are worth the effort to be included to make Metasploit users life easier). This UAC bypass was chosen due to the fact it a) does not require user interaction and b) it’s file-less (no dropping files on disk is needed). It’s common practice to give credit when its due when creating modules hence the reference to ACTIVELabs for the discovery. Find the module here.
**Update** - 5/23/2019
Please note Microsoft has released a behavioral detection for this attack vector in Windows Defender Antivirus with an alert level of “SEVERE."  We can confirm it works as expected. See the link here.
​

Based on the increased interest in User Account Control (UAC) bypass research as of late, we've decided to read more on the subject and attempt to identify some sort of a pattern which ultimately led to finding our first UAC (still valid as of this writing) bypass. The following is a walkthrough of said finding. Please note we will not discuss UAC internals as there are plenty of well-written posts out there. In addition, will be using Windows 10 Version 1803 (OS Build 17134.590) as an example.
Picture

Read More
5 Comments

    Archives

    February 2023
    July 2021
    November 2020
    August 2020
    July 2020
    June 2020
    April 2020
    March 2020
    February 2020
    November 2019
    August 2019
    May 2019
    April 2019
    March 2019

    ACTIVELabs was created in 2018 to hunt and research undiscovered vulnerabilities, report them to vendors via responsible disclosure programs, publish advisories, develop and validate new patches, and to share this information for the advancement of the cybersecurity community. ACTIVELabs was established with the mission of securing our ever-growing client base, partnerships, and the technology community as a whole.
     
    We are actively providing the community with verified findings and research that leads to the creation of new Common Vulnerabilities and Exposures (CVEs) and updates to the National Vulnerability Database (NVD). For a full listing of all of our Advisories, visit our GitHub page here.

    RSS Feed


ACTIVECYBER, LLC
888 Bestgate Road, Suite 316
​Annapolis, MD 21401  
202.499.3774
©2022 ACTIVECYBER, LLC  | All rights reserved  |  Privacy Policy
Picture
Picture
  • Home
  • About
  • Team
  • Services
  • Careers
  • News
  • Contact
  • ActiveLabs