Hacker Fantastic @hackerfantastic@social.hackerfraternity.org

iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day - Windows 7-11 x64 only. https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC

Last week.
Me: "AI is going to replace many aspects of cyber security jobs"
Red Teaming Lamers: "outrageous, impossible, *generic insult*"

This week.
Red Teaming Lamers: "look at this AI, it's doing things better than some of us, super interesting"
Me: "..."

🥱

I gave into peer pressure... I ordered the flipper zero.

This website was very useful to find exactly when the manifest changed, definitely worth a visit if you do any Microsoft vulnerability research and need to check system binary versions and changes. Thanks @raptor for pointing me towards this earlier today & @Rairii for suggestions - https://winbindex.m417z.com/

The manifest of this binary was adjusted to run asInvoker so the autoelevate attribute is no longer honored making it useless for UAC, on systems that have the legacy manifest it could already be trivially leveraged via mscfile shell open command registry. I leveraged OneDrive to sideload the DLL so it should only impact desktops, I do not think the server versions are impacted unless they ship with OneDrive. I'll check on 2012 but I doubt it will be exploitable to bypass UAC notification.

DLL side-loading vulnerability in Microsoft signed autoelevate CompMgmtLauncher.exe - unfortunately the manifest on this file changed in Windows 10 1703 so it can no longer be used to bypass UAC. The side loading doesn't trigger in 1507-1607, this maybe exploitable in some situations but is being discarded as a dead end. There is one more of these that we've found but have been unable to exploit. This one is only useful to sideload malware in a signed executable and not for UAC.

Is there a website that tracks changes to specific windows files and provides the patch level that the change occurred in? I am trying to locate when a specific component was changed under the Windows %SystemRoot% - trial and error says "sometime between 8 / 10" but I would like to know when something was patched.

Grrr spent the day hacking around and found some new UAC bypasses but they are patched in Windows 11 due to a change in a manifest but still impact Windows 10 and Windows 10 only. Other older versions may be impacted if another Microsoft product is installed but default on Windows 10. Release them or no interest?

If you are concerned about government agencies like CERT or CISA being on the fediverse, then I have some *shocking* news for you. 3-letter agencies and the military industrial complex have long since played a secret hand in the creation of decentralized, federated, social network services and anonymity technology. Those you fear have always been here and blocking instances hosting public relations accounts won't hide you or reduce your risks. Mastodon exposes the infosec/hacker divide on topic.

I should warn you all that my self-help and philosophy content is not posted here. I view Mastodon as a place where I can share hacking and tech content openly without breaking any terms-of-services and have true freedom of speech. My instance is self-hosted out of Iceland along with my peertube and Matrix service, e-mail is handled offshore in Sweden. You should consider this account the hackerfantastic but an after-dark edition...

I moved from gVim to Atom as a cross-platform text editor a few years ago, have just learned that they are "sunsetting" the editor. I am a big fan of VSCode and Visual Studio in general, XCode on MacOS but these are more fully-featured IDE's. What text editors will run on Windows, Linux and MacOS that offered the same flexibility as Atom? Seeking recommendations before I just go back to GTK+Vim and die a little inside. More info on the sunset for Atom 😢 https://github.blog/2022-06-08-sunsetting-atom/