Windows Privesc

sc, sc qc, icacls

Exploring sc, sc qc, and icacls for Privilege Escalation on Windows

When you land on a Windows machine as a low-privileged user, your next job is to enumerate the environment mercilessly. You want to find services you can hijack, permissions you can abuse, and binaries that’ll help you escalate to SYSTEM. This is where commands […]

winPEAS

winPEAS for Windows PrivEsc

When you gain initial access on a Windows machine — whether through a low-privileged user shell, a foothold via Metasploit, or a reverse shell — the next step is often privilege escalation. One of the most powerful tools to automate and accelerate this process is winPEAS. This post covers: What is

Windows Security Architecture Overview

1. Identification & Authentication
   Key Components:
2. Authorization
   Key Components:
3. Principals & Security Identifiers (SIDs)
   SIDs uniquely identify user, group, and computer accounts. Used throughout the OS for access control. Examples:
4. Privileges & User Rights
   Managed via: Examples:
5. File & Registry Security
6. Services & Session Security
7. Memory & Execution Protection

PowerUp

PowerUp: Windows Privilege Escalation

When you’re dropped into a Windows shell during an engagement, one of your top priorities is figuring out how to escalate privileges — ideally from a low-privileged user to SYSTEM. PowerUp, a PowerShell tool from the PowerSploit framework, was made for exactly this. In this post, we’ll walk through what PowerUp
