"whoami /priv" - show me your Windows privileges and I will lead you to SYSTEM

Presented at RomHack 2018, Sept. 22, 2018, 11:30 a.m. (45 minutes)

On Windows systems, users can be given special privileges. Some of these, if appropriately abused can lead to elevation of privileges to become SYSTEM. In this talk, I will explain what the privileges and tokens are, how to get them, and based on their characteristics, identify some possible paths for privilege escalation. Particular attention will be devoted to the privileges "SeImpersonate" and "SeAssignPrimary" which, combined with the "Rotten Potato" exploit and our subsequent research, have proved to be "Golden Privilege".

Presenters:

• Andrea Pierini
  I'm am IT Architect & Security Manager with long-term experience and in-depth knowledge covering all aspects of IT: from SW development to systems administration; networking administration and IT security. I can define myself an "It security enthusiast", interested in all emerging technologies in offensive and defensive security. I like writing and speaking about IT security & pentesting.

Links:

• https://2018.romhack.io/program_en.html#second
• https://2018.romhack.io/slides/RomHack 2018 - Andrea Pierini - whoami priv - show me your Windows privileges and I will lead you to SYSTEM.pdf

Similar Presentations:

• DeepSec 2019 „Internet of Facts and Fears“ / Well, That Escalated Quickly! - A Penetration Tester's Approach to Windows Privilege Escalation
• BSidesLV 2017 / How to escalate privileges to administrator in latest Windows.
• NolaCon 2015 / Managing Elevated Privileges in the Enterprise Environment