CYBER MONGOL
5/17/2021

FUD UAC Bypass on an MDE Protected Endpoint via Profiling DLL

“The .NET Framework can be made to load a profiling DLL or a COM component DLL via user-defined environment variables and CLSID registry entries, even when the process is elevated. This behavior can be exploited to bypass UAC in default settings on Windows 7 to 10.”

Our team is quite impressed with the amount of operationalized counter cyber intelligence (CCI) we are able to distill from our data after the Cyber Fist search upgrade. MDE has done a pretty good job mitigating UAC bypasses, but we were able to use a technique found using Cyber Fist that ran FUD. Full details can be found below:
 
 
Blog1: https://3gstudent.github.io/Use-CLR-to-bypass-UAC
 
 
Blog2: https://offsec.almond.consulting/UAC-bypass-dotnet.html
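
A defender-side check for the behavior quoted above, added here as an example and not taken from this post or the linked blogs: it audits one user's registry hive for per-user CLR profiler settings and the matching per-user COM registration. The variable names are the .NET Framework's documented profiler variables; the tuple input format, the CLSID and the paths are constructed for illustration.

```python
import re

# Variable names from Microsoft's .NET Framework profiling documentation.
PROFILER_VARS = {"COR_ENABLE_PROFILING", "COR_PROFILER", "COR_PROFILER_PATH"}
CLSID_KEY = re.compile(
    r"\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32$", re.I)

def audit_user_hive(entries):
    """entries: (key_path, value_name, data) tuples from ONE user's hive.
    Returns a list of (severity, message) findings."""
    env, com = {}, {}
    for key, name, data in entries:
        if key.lower().endswith("\\environment") and name.upper() in PROFILER_VARS:
            env[name.upper()] = data.strip()
        m = CLSID_KEY.search(key)
        if m and name in ("", "(Default)"):      # default value = DLL path
            com[m.group(1).upper()] = data.strip()
    if not env:
        return []
    enabled = env.get("COR_ENABLE_PROFILING") == "1"
    clsid = env.get("COR_PROFILER", "").upper()
    # The DLL can come from the path variable or a per-user COM registration.
    dll = env.get("COR_PROFILER_PATH") or com.get(clsid)
    if enabled and clsid and dll:
        return [("high", f"per-user CLR profiler {clsid} resolves to {dll}")]
    if enabled and clsid:
        return [("medium", f"per-user CLR profiler {clsid} enabled, DLL not in this hive")]
    return [("low", "partial CLR profiler variables: " + ", ".join(sorted(env)))]

# Constructed sample data (placeholder CLSID and paths, not taken from the post).
CLSID = "{11111111-2222-3333-4444-555555555555}"
SAMPLE_FLAGGED = [
    (r"HKCU\Environment", "TEMP", r"%USERPROFILE%\AppData\Local\Temp"),
    (r"HKCU\Environment", "COR_ENABLE_PROFILING", "1"),
    (r"HKCU\Environment", "COR_PROFILER", CLSID),
    (r"HKCU\Software\Classes\CLSID" + "\\" + CLSID + r"\InprocServer32",
     "(Default)", r"C:\Users\Public\example.dll"),
]
SAMPLE_CLEAN = [(r"HKCU\Environment", "TEMP", r"%USERPROFILE%\AppData\Local\Temp")]

if __name__ == "__main__":
    for label, hive in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, audit_user_hive(hive))
```

A "medium" result means the profiler CLSID is enabled per-user but resolves outside the hive, which is what a legitimately installed machine-wide profiler would look like and still deserves a look on a workstation.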