"whoami /priv" - show me your Windows privileges and I will lead you to SYSTEM

Presented at RomHack 2018, Sept. 22, 2018, 11:30 a.m. (45 minutes)

On Windows systems, users can be given special privileges. Some of these, if appropriately abused can lead to elevation of privileges to become SYSTEM. In this talk, I will explain what the privileges and tokens are, how to get them, and based on their characteristics, identify some possible paths for privilege escalation. Particular attention will be devoted to the privileges "SeImpersonate" and "SeAssignPrimary" which, combined with the "Rotten Potato" exploit and our subsequent research, have proved to be "Golden Privilege".


  • Andrea Pierini
    I'm am IT Architect & Security Manager with long-term experience and in-depth knowledge covering all aspects of IT: from SW development to systems administration; networking administration and IT security. I can define myself an "It security enthusiast", interested in all emerging technologies in offensive and defensive security. I like writing and speaking about IT security & pentesting.


Similar Presentations: