Microsoft Windows has a long history of outstanding security vulnerabilities that many of us in the security industry are well aware of. Microsoft has released advisories with mitigations for some of these vulnerabilities; however, due to compatibility, performance, and time/budget constraints, these mitigations are often not deployed consistently.
In this project, we take advantage of a number of these issues to develop a local privilege escalation exploit for Microsoft Windows that is safe and reliable for Windows versions through 8.1 (further testing pending). The Microsoft security team was informed on 9/22/2015 and has not responded to date. Exploit code in C# will be released in coordination with the talk.
Inspired by one of the steps in the above PoC, a second technique will be discussed that allows NBNS spoofing attacks across network broadcast domains. Code for this will be released as a feature addition to the popular "Responder" tool.